In Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0, embedded images are accessible without a sufficient permission check under certain conditions.
{
"cna_assigner": "mitre",
"unresolved_ranges": [
{
"source": "DESCRIPTION",
"extracted_events": [
{
"introduced": "21.04"
},
{
"fixed": "21.04.7"
},
{
"introduced": "21.10"
},
{
"fixed": "21.10.5"
},
{
"introduced": "22.04"
},
{
"fixed": "22.04.3"
},
{
"introduced": "22.10"
},
{
"fixed": "22.10.0"
}
]
}
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/42xxx/CVE-2022-42707.json"
}{
"source": "CPE_RANGE",
"cpe": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "21.04.0"
},
{
"fixed": "21.04.7"
},
{
"introduced": "21.10.0"
},
{
"fixed": "21.10.5"
},
{
"introduced": "22.04.0"
},
{
"fixed": "22.04.3"
}
]
}