CVE-2011-2774

Published: 15 November 2011

The "Reply to message" feature in Mahara 1.3.x and 1.4.x before 1.4.1 allows remote authenticated users to read the messages of a different user via a modified replyto parameter.

Priority

Status

Package	Release	Status
mahara Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Not vulnerable (1.4 only)
	maverick	Not vulnerable (1.4 only)
	natty	Not vulnerable (1.4 only)
	oneiric	Released (1.4.0-1ubuntu0.1)
	upstream	Released (1.4.1-1)
	Patches: debdiff: https://bugs.launchpad.net/ubuntu/+source/mahara/+bug/888358

References

https://www.cve.org/CVERecord?id=CVE-2011-2774
NVD
Launchpad
Debian

Bugs

https://bugs.launchpad.net/ubuntu/+source/mahara/+bug/888358

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›