File Metadata Disclosure Vulnerability

File Metadata Disclosure Vulnerability

CVE-2020-9386 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, file metadata information is disclosed to group members in the Elasticsearch result list despite them not having access to that artefact anymore.

Learn more about our Web Application Penetration Testing UK.