CVE-2020-9387

Source
https://cve.org/CVERecord?id=CVE-2020-9387
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-9387.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-9387
Published
2020-04-30T13:15:13.460Z
Modified
2026-07-08T17:57:09.868061Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

In Mahara 19.04 before 19.04.5 and 19.10 before 19.10.3, account details are shared in the Elasticsearch results for accounts that are not accessible when the config setting 'Isolated institutions' is turned on.

References

Affected packages

Git / github.com/maharaproject/mahara

Affected ranges

Type
GIT
Repo
https://github.com/maharaproject/mahara
Events
Database specific
{
    "source": [
        "CPE_RANGE",
        "CPE_STRING"
    ],
    "cpe": [
        "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:mahara:mahara:20.04:rc1:*:*:*:*:*:*",
        "cpe:2.3:a:mahara:mahara:20.04:rc2:*:*:*:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "19.04"
        },
        {
            "fixed": "19.04.5"
        },
        {
            "introduced": "19.10"
        },
        {
            "fixed": "19.10.3"
        },
        {
            "introduced": "20.04-rc1"
        },
        {
            "last_affected": "20.04-rc1"
        },
        {
            "introduced": "20.04-rc2"
        },
        {
            "last_affected": "20.04-rc2"
        }
    ]
}

Affected versions

19.*
19.04.0_RELEASE
19.04.1_RELEASE
19.04.2_RELEASE
19.04.3_RELEASE
19.04.4_RELEASE
19.10.0_RELEASE
19.10.1_RELEASE
19.10.2_RELEASE
20.*
20.04-rc1
20.04-rc2
20.04RC1_RELEASE
20.04RC2_RELEASE

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-9387.json"