CVE-2017-1000152

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2017-1000152
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-1000152.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-1000152
Published
2017-11-03T18:29:00.980Z
Modified
2026-05-30T08:41:15.097252Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 running PHP 5.3 are vulnerable to one user being logged in as another user on a separate computer as the same session ID is served. This situation can occur when a user takes an action that forces another user to be logged out of Mahara, such as an admin changing another user's account settings.

References

Affected packages

Git / github.com/maharaproject/mahara

Affected ranges

Type
GIT
Repo
https://github.com/maharaproject/mahara
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
48a238a2f76a7ea322580fe93b7c026becd9acce
Last affected
39ac3f76ea3981e204aca4f25a6d60bd988094f0
Last affected
9b217d5c0da7118a8c9d668794a3869d85276534
Last affected
71a160b12bcde1bd3569377c8e010436228aaf5f
Last affected
3b3d3e3cd03d1663da0b0e3826fcdff13f488886
Last affected
44ebd0f0993352955f7971920fa8ca231e6a8bb9
Last affected
d527a5edeb6087fd94956e1e3e18bcf4a432540d
Last affected
53ee40015a2363a6c5c3d3cccc3fb35e27a7abb0
Last affected
eea43577f7952fcfef7cbaf61b87cce1bdcdb8dd
Last affected
b5fe2b35e1a12171feeb6a9d15e9308ea5787fe1
Last affected
2c77126e11080109b24fb7068b57f236ee9d3a2d
Last affected
3c718e63ed2b6d3d351d38d94c7008ee880ad655
Database specific 
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.04-rc1"
        },
        {
            "last_affected": "15.04-rc2"
        },
        {
            "last_affected": "15.04.0"
        },
        {
            "last_affected": "15.04.1"
        },
        {
            "last_affected": "15.04.2"
        },
        {
            "last_affected": "15.04.3"
        },
        {
            "last_affected": "15.04.4"
        },
        {
            "last_affected": "15.04.5"
        },
        {
            "last_affected": "15.04.6"
        },
        {
            "last_affected": "15.10.0"
        },
        {
            "last_affected": "15.10.1"
        },
        {
            "last_affected": "15.10.2"
        }
    ],
    "cpe": [
        "cpe:2.3:a:mahara:mahara:15.04:rc1:*:*:*:*:*:*",
        "cpe:2.3:a:mahara:mahara:15.04:rc2:*:*:*:*:*:*",
        "cpe:2.3:a:mahara:mahara:15.04.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:mahara:mahara:15.04.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:mahara:mahara:15.04.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:mahara:mahara:15.04.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:mahara:mahara:15.04.4:*:*:*:*:*:*:*",
        "cpe:2.3:a:mahara:mahara:15.04.5:*:*:*:*:*:*:*",
        "cpe:2.3:a:mahara:mahara:15.04.6:*:*:*:*:*:*:*",
        "cpe:2.3:a:mahara:mahara:15.10.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:mahara:mahara:15.10.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:mahara:mahara:15.10.2:*:*:*:*:*:*:*"
    ],
    "source": "CPE_STRING"
}

Affected versions

1.*
1.0.0ALPHA1_RELEASE
1.0.0ALPHA2_RELEASE
1.0.0BETA2_RELEASE
1.1.0ALPHA1_RELEASE
1.1.0ALPHA2_RELEASE
1.1.0ALPHA3_RELEASE
1.1.0BETA2_RELEASE
1.1.0BETA4_RELEASE
1.2.0ALPHA2_RELEASE
1.2.0ALPHA3_RELEASE
1.3.0BETA1_RELEASE
1.3.0BETA2_RELEASE
1.4.0ALPHA1_RELEASE
1.7RC1_RELEASE
1.8RC1_RELEASE
1.8RC2_RELEASE
15.*
15.04.0_RELEASE
15.04.1_RELEASE
15.04.2_RELEASE
15.04.3_RELEASE
15.04.4_RELEASE
15.04.5_RELEASE
15.04.6_RELEASE
15.04RC1_RELEASE
15.04RC2_RELEASE
15.10.0_RELEASE
15.10.1_RELEASE
15.10.2_RELEASE
15.10RC1_RELEASE
15.10RC2_RELEASE

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-1000152.json"