Information Leakage in Mahara Elasticsearch Results

Information Leakage in Mahara Elasticsearch Results

CVE-2020-9387 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

In Mahara 19.04 before 19.04.5 and 19.10 before 19.10.3, account details are shared in the Elasticsearch results for accounts that are not accessible when the config setting 'Isolated institutions' is turned on.

Learn more about our Web Application Penetration Testing UK.