Vulnerability Description
Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 is vulnerable to Cross Site Request Forgery (CSRF) because randomly generated tokens are too easily guessable.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mahara | Mahara | < 20.10.5 |
Related Weaknesses (CWE)
References
- https://bugs.launchpad.net/mahara/+bug/1930171 (Issue Tracking, Patch, Vendor Advisory)
- https://mahara.org/interaction/forum/topic.php?id=9094 (Vendor Advisory)
FAQ
What is CVE-2022-28892?
CVE-2022-28892 is a vulnerability with a CVSS score of 8.8 (HIGH). Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 is vulnerable to Cross Site Request Forgery (CSRF) because randomly generated tokens are too easily guessable.
How severe is CVE-2022-28892?
CVE-2022-28892 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-28892?
Check the references section above for vendor advisories and patch information. Affected products include Mahara (vendor: Mahara).