CVE-2017-1000147

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2017-1000147

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000147.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-1000147

Published

2017-11-03T18:29:00.793Z

Modified

2026-03-10T14:16:26.393877Z

Severity

6.8 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Mahara 1.9 before 1.9.8 and 1.10 before 1.10.6 and 15.04 before 15.04.3 are vulnerable to perform a cross-site request forgery (CSRF) attack on the uploader contained in Mahara's filebrowser widget. This could allow an attacker to trick a Mahara user into unknowingly uploading malicious files into their Mahara account.

References

https://bugs.launchpad.net/mahara/+bug/1480329

Affected packages

Git / github.com/maharaproject/mahara

Affected ranges

Type

GIT

Repo

https://github.com/maharaproject/mahara

Events

Introduced

Last affected

91a483f6f5f2b9fb09bc33c4c98cea66581587cc

Introduced

Last affected

ccbf63bbaf768784757dd8b7a6e3841eb55ad9cd

Introduced

Last affected

01d7c8e0fa6ad9d06fd8de8f25dbc8e299373216

Introduced

Last affected

5565883f64ce37a7e1313b91c2862e8b837101c4

Introduced

Last affected

776a4bab9a37273823ef081fab1357d7c0cf91e8

Introduced

Last affected

b0e585768829456eb7174936b533ccfcc024264c

Introduced

Last affected

c7cbe04639e04d247b25bc535147d409b350c2e7

Introduced

Last affected

45ad9175bc1ad3355152607aff9ea712bb4b9445

Introduced

Last affected

bde50168b51979e1ab5081f0437a9923d5437c13

Introduced

Last affected

2f5c68b907e43feb45f419665d221d78510d6cce

Introduced

Last affected

f670d266749f243f82da7e707cad564a79a3dfe4

Introduced

Last affected

51aa89acd91866bf1440acf3a8eb0b68774a1e14

Introduced

Last affected

c055d23e1454d15bd96d8589da8687aa444e1bfb

Introduced

Last affected

b6692ccbd0e71253b07a1653639a3161cf44e3d1

Introduced

Last affected

576c0a5f0935930215fe139d13091330e5dfa100

Introduced

Last affected

55009338a5519252d73a68d417d3b587b9184ff1

Introduced

Last affected

48a238a2f76a7ea322580fe93b7c026becd9acce

Introduced

Last affected

39ac3f76ea3981e204aca4f25a6d60bd988094f0

Introduced

Last affected

9b217d5c0da7118a8c9d668794a3869d85276534

Introduced

Last affected

71a160b12bcde1bd3569377c8e010436228aaf5f

Introduced

Last affected

3b3d3e3cd03d1663da0b0e3826fcdff13f488886

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.9-rc1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.9.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.9.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.9.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.9.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.9.4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.9.5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.9.6"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.9.7"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.10-rc1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.10.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.10.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.10.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.10.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.10.4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.10.5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.04-rc1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.04-rc2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.04.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.04.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.04.2"
        }
    ]
}

Affected versions

1.*

1.0.0ALPHA1_RELEASE

1.0.0ALPHA2_RELEASE

1.0.0BETA1_RELEASE

1.0.0BETA2_RELEASE

1.1.0ALPHA1_RELEASE

1.1.0ALPHA2_RELEASE

1.1.0ALPHA3_RELEASE

1.1.0BETA1_RELEASE

1.1.0BETA2_RELEASE

1.1.0BETA3_RELEASE

1.1.0BETA4_RELEASE

1.10RC1_RELEASE

1.2.0ALPHA1_RELEASE

1.2.0ALPHA2_RELEASE

1.2.0ALPHA3_RELEASE

1.2.0BETA1_RELEASE

1.2.0BETA2_RELEASE

1.2.0BETA3_RELEASE

1.2.0BETA4_RELEASE

1.2.0RC1_RELEASE

1.3.0BETA1_RELEASE

1.3.0BETA2_RELEASE

1.3.0BETA3_RELEASE

1.3.0BETA4_RELEASE

1.4.0ALPHA1_RELEASE

1.7RC1_RELEASE

1.8RC1_RELEASE

1.8RC2_RELEASE

1.9RC1_RELEASE

15.*

15.04RC1_RELEASE

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000147.json"