CVE-2013-4431

Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 does not properly prevent access to blocks, which allows remote authenticated users to modify arbitrary blocks via the bock id in an edit request.

CVSS v2.0 5.5 MEDIUM

5.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:N/I:P/A:P

Exploitability : 8.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.openwall.com/lists/oss-security/2013/10/08/3
http://www.openwall.com/lists/oss-security/2013/10/15/1
http://www.openwall.com/lists/oss-security/2013/10/16/7
https://bugs.launchpad.net/mahara/+bug/1233500
https://mahara.org/interaction/forum/topic.php?id=5753

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mahara:mahara::::::::
	cpe:2.3:a:mahara:mahara:1.5:rc1::::::
	cpe:2.3:a:mahara:mahara:1.5:rc2::::::
	cpe:2.3:a:mahara:mahara:1.5.0:::::::*
	cpe:2.3:a:mahara:mahara:1.5.1:::::::*
	cpe:2.3:a:mahara:mahara:1.5.2:::::::*
	cpe:2.3:a:mahara:mahara:1.5.3:::::::*
	cpe:2.3:a:mahara:mahara:1.5.4:::::::*
	cpe:2.3:a:mahara:mahara:1.5.6:::::::*
	cpe:2.3:a:mahara:mahara:1.5.7:::::::*
	cpe:2.3:a:mahara:mahara:1.5.8:::::::*
	cpe:2.3:a:mahara:mahara:1.5.9:::::::*
	cpe:2.3:a:mahara:mahara:1.5.10:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:mahara:mahara:1.7.:rc1::::::
	cpe:2.3:a:mahara:mahara:1.7.0:-::::::
	cpe:2.3:a:mahara:mahara:1.7.1:::::::*
	cpe:2.3:a:mahara:mahara:1.7.2:::::::*

Configuration 3 (hide)

OR	cpe:2.3:a:mahara:mahara:1.6.0:::::::*
	cpe:2.3:a:mahara:mahara:1.6.1:::::::*
	cpe:2.3:a:mahara:mahara:1.6.2:::::::*
	cpe:2.3:a:mahara:mahara:1.6.3:::::::*
	cpe:2.3:a:mahara:mahara:1.6.4:::::::*
	cpe:2.3:a:mahara:mahara:1.6.5:::::::*
	cpe:2.3:a:mahara:mahara:1.6.6:::::::*

History

No history.

Information

Published : 2014-05-19 14:55

Updated : 2023-12-10 11:31

NVD link : CVE-2013-4431

Mitre link : CVE-2013-4431

CVE.ORG link : CVE-2013-4431

JSON object : View

Products Affected

mahara

mahara

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2013-4431", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-05-19T14:55:08.500", "references": [{"url": "http://www.openwall.com/lists/oss-security/2013/10/08/3", "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2013/10/15/1", "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2013/10/16/7", "source": "secalert@redhat.com"}, {"url": "https://bugs.launchpad.net/mahara/+bug/1233500", "source": "secalert@redhat.com"}, {"url": "https://mahara.org/interaction/forum/topic.php?id=5753", "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 does not properly prevent access to blocks, which allows remote authenticated users to modify arbitrary blocks via the bock id in an edit request."}, {"lang": "es", "value": "Mahara anterior a 1.5.12, 1.6.x anterior a 1.6.7 y 1.7.x anterior a 1.7.3 no previene debidamente acceso a bloques, lo que permite a usuarios remotos autenticados modificar bloques arbitrarios a trav\u00e9s del bock id en una solicitud de editar."}], "lastModified": "2014-05-19T18:43:11.393", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1EC43859-166D-403F-BC6C-4B7FDD02807C", "versionEndIncluding": "1.5.11"}, {"criteria": "cpe:2.3:a:mahara:mahara:1.5:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78E1C65F-C3F8-41B3-BFE5-9DB40B0FF7C9"}, {"criteria": "cpe:2.3:a:mahara:mahara:1.5:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9DB9744B-7694-41D9-B1A7-184AF5B90B9D"}, {"criteria": "cpe:2.3:a:mahara:mahara:1.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF1351BA-7AF2-4675-9BC3-6AB9786A361D"}, {"criteria": "cpe:2.3:a:mahara:mahara:1.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1ECA8058-4E47-45CC-98FB-66F1635D4EB4"}, {"criteria": "cpe:2.3:a:mahara:mahara:1.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "82CA353E-6A25-4170-B32C-E06F0FFC0AE8"}, {"criteria": "cpe:2.3:a:mahara:mahara:1.5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2DACA0DE-26D8-41C8-92DE-63CC348C6BB7"}, {"criteria": "cpe:2.3:a:mahara:mahara:1.5.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F7BDA1A-B58F-4B0C-ABE2-84090230E1C0"}, {"criteria": "cpe:2.3:a:mahara:mahara:1.5.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E9AF4A4C-0DB7-442D-ABEE-04B8282D04BC"}, {"criteria": "cpe:2.3:a:mahara:mahara:1.5.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "65C4D82B-1BAE-48BD-8CBC-BCB74FD39A82"}, {"criteria": "cpe:2.3:a:mahara:mahara:1.5.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C61F960D-CCBF-46B6-A443-BF80C2D355C8"}, {"criteria": "cpe:2.3:a:mahara:mahara:1.5.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C3CBBAE0-99A7-4EA3-A3E9-11CBFE1771DA"}, {"criteria": "cpe:2.3:a:mahara:mahara:1.5.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD24E374-E205-4500-A168-44849BF2357C"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mahara:mahara:1.7.:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "14A5DCF0-AD5C-4474-9268-1B235835CD4E"}, {"criteria": "cpe:2.3:a:mahara:mahara:1.7.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CCF015B5-EA5A-4B6E-9F9D-B78DEC5F7657"}, {"criteria": "cpe:2.3:a:mahara:mahara:1.7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E7EA146-CFF3-40A1-A543-2897C94F3D65"}, {"criteria": "cpe:2.3:a:mahara:mahara:1.7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DFA8FD5B-DD85-4934-ACF7-259CCF72DE47"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mahara:mahara:1.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "248745EB-DC27-407F-8CB9-421578A07741"}, {"criteria": "cpe:2.3:a:mahara:mahara:1.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C56CD7F4-B89A-413A-9330-1218FDDEE03E"}, {"criteria": "cpe:2.3:a:mahara:mahara:1.6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB74EBE4-99F2-40D9-88DC-50E118397D64"}, {"criteria": "cpe:2.3:a:mahara:mahara:1.6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F621A6A7-D400-4A48-B2B8-8A815F670277"}, {"criteria": "cpe:2.3:a:mahara:mahara:1.6.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D19D9FBF-8FE1-4DC9-801E-D8982D8EF3AD"}, {"criteria": "cpe:2.3:a:mahara:mahara:1.6.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "481EBE78-72A3-43A3-96C5-5F5571BEB71C"}, {"criteria": "cpe:2.3:a:mahara:mahara:1.6.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "455BA995-8464-4816-A03C-E9AA7DA07548"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}