CVE-2020-9386

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-9386

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-9386.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-9386

Published

2020-03-09T16:15:16.017Z

Modified

2026-03-14T10:35:29.998878Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, file metadata information is disclosed to group members in the Elasticsearch result list despite them not having access to that artefact anymore.

References

Affected packages

Git / github.com/maharaproject/mahara

Affected ranges

Type

GIT

Repo

https://github.com/maharaproject/mahara

Events

Introduced

d427203cfda1e9f65598be9c86f41094619d31c5

Fixed

2e1293f1410b528ff51da0ef0f64b0178473b9ec

Introduced

d98eee64dc05a1b1fa163b033f0443b5dd6fde92

Fixed

82773b433344b9fe996b08245cd06e451ff490cb

Introduced

6baa307ceb0dfb0292f13b5f23410af77017ee96

Fixed

b2f386dece4b787108ac0ab4f936ac5e1bd48411

Database specific

{
    "versions": [
        {
            "introduced": "18.10.0"
        },
        {
            "fixed": "18.10.5"
        },
        {
            "introduced": "19.04.0"
        },
        {
            "fixed": "19.04.4"
        },
        {
            "introduced": "19.10.0"
        },
        {
            "fixed": "19.10.2"
        }
    ]
}

Affected versions

18.*

18.10.0_RELEASE

18.10.1_RELEASE

18.10.2_RELEASE

18.10.3_RELEASE

18.10.4_RELEASE

19.*

19.04.0_RELEASE

19.04.1_RELEASE

19.04.2_RELEASE

19.04.3_RELEASE

19.10.0_RELEASE

19.10.1_RELEASE

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-9386.json"