CVE-2011-1402 — MEDIUM (6.5)

Q: How severe is CVE-2011-1402?

CVE-2011-1402 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2011-1402?

Check the references section above for vendor advisories and patch information. Affected products include: Mahara Mahara.

Vulnerability Description

Mahara before 1.3.6 allows remote authenticated users to bypass intended access restrictions, and suspend a user account, edit a view, visit a view, edit a plan artefact, read a plans block, read a plan artefact, edit a blog, read a blog block, read a blog artefact, or access a block, via a request associated with (1) admin/users/search.json.php, (2) view/newviewtoken.json.php, (3) lib/mahara.php, (4) artefact/plans/tasks.json.php, (5) artefact/plans/viewtasks.json.php, (6) artefact/blog/view/index.json.php, (7) artefact/blog/posts.json.php, or (8) blocktype/myfriends/myfriends.json.php, related to incorrect privilege enforcement, a missing user id check, and incorrect enforcement of the Overriding Start/Stop Dates setting.

CVSS Score

6.5

MEDIUM

AV:N/AC:L/Au:S/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Mahara	Mahara	<= 1.3.5

Related Weaknesses (CWE)

CWE-264

References

FAQ

What is CVE-2011-1402?

CVE-2011-1402 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Mahara before 1.3.6 allows remote authenticated users to bypass intended access restrictions, and suspend a user account, edit a view, visit a view, edit a plan artefact, read a plans block, read a pl...

How severe is CVE-2011-1402?

CVE-2011-1402 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2011-1402?

Check the references section above for vendor advisories and patch information. Affected products include: Mahara Mahara.