CVE-2017-1000150

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2017-1000150
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000150.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-1000150
Published
2017-11-03T18:29:00Z
Modified
2024-09-03T01:34:22.590380Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 are vulnerable to prevent session IDs from being regenerated on login or logout. This makes users of the site more vulnerable to session fixation attacks.

References

Affected packages

Git / github.com/maharaproject/mahara

Affected versions

1.*

1.0.0ALPHA1_RELEASE
1.0.0ALPHA2_RELEASE
1.0.0BETA1_RELEASE
1.0.0BETA2_RELEASE
1.1.0ALPHA1_RELEASE
1.1.0ALPHA2_RELEASE
1.1.0ALPHA3_RELEASE
1.1.0BETA1_RELEASE
1.1.0BETA2_RELEASE
1.1.0BETA3_RELEASE
1.1.0BETA4_RELEASE
1.2.0ALPHA1_RELEASE
1.2.0ALPHA2_RELEASE
1.2.0ALPHA3_RELEASE
1.2.0BETA1_RELEASE
1.2.0BETA2_RELEASE
1.2.0BETA3_RELEASE
1.2.0BETA4_RELEASE
1.2.0RC1_RELEASE
1.3.0BETA1_RELEASE
1.3.0BETA2_RELEASE
1.3.0BETA3_RELEASE
1.3.0BETA4_RELEASE
1.4.0ALPHA1_RELEASE
1.7RC1_RELEASE
1.8RC1_RELEASE
1.8RC2_RELEASE

15.*

15.04RC1_RELEASE
15.04RC2_RELEASE
15.10.0_RELEASE
15.10.1_RELEASE
15.10RC1_RELEASE
15.10RC2_RELEASE