CVE-2024-39335 — CRITICAL (9.1)

Q: How severe is CVE-2024-39335?

CVE-2024-39335 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2024-39335?

Check the references section above for vendor advisories and patch information. Affected products include: Mahara Mahara.

Vulnerability Description

Supported versions of Mahara 24.04 before 24.04.1 and 23.04 before 23.04.6 are vulnerable to information being disclosed to an institution administrator under certain conditions via the 'Current submissions' page: Administration -> Groups -> Submissions.

CVSS Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Mahara	Mahara	>= 23.04.0, < 23.04.6

Related Weaknesses (CWE)

CWE-200

References

https://mahara.org/interaction/forum/topic.php?id=9519Vendor Advisory
https://mahara.org/interaction/forum/view.php?id=43Vendor Advisory

FAQ

What is CVE-2024-39335?

CVE-2024-39335 is a vulnerability with a CVSS score of 9.1 (CRITICAL). Supported versions of Mahara 24.04 before 24.04.1 and 23.04 before 23.04.6 are vulnerable to information being disclosed to an institution administrator under certain conditions via the 'Current submi...

How severe is CVE-2024-39335?

CVE-2024-39335 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2024-39335?

Check the references section above for vendor advisories and patch information. Affected products include: Mahara Mahara.