Hello, what is the status of CVE-2020-23052 and CVE-2021-29349? Is it true that no solution is / will be available?

Asked by Green Bone

CVE-2020-23052:
Mahara is prone to a cross-site scripting (XSS) vulnerability in the component groupfiles.php via the Number and Description parameters.

CVE-2021-29349:
Mahara is prone to a cross-site request forgery (CSRF) vulnerability that allows a remote attacker to remove inbox-mail on the server. The application fails to validate the CSRF token for a POST request.

If this is already fixed, please let me know with which version, and in general where to look up such information.

Question information

Language: English
Status: Answered
For: Ubuntu mahara
Assignee: No assignee

Manfred Hampl (m-hampl) said :
#1

Ubuntu does not provide the mahara package in any supported release (the last version was in Ubuntu 13.10), see https://launchpad.net/ubuntu/+source/mahara and https://packages.ubuntu.com/search?keywords=mahara&searchon=names&suite=all&section=all

If you have installed mahara on an Ubuntu system, then this must have come from a foreign source. Please ask there.

Green Bone (greenbone) said :
#2
Manfred Hampl (m-hampl) said :
#3

Sorry, I was not aware that the "mahara project" on Launchpad redirects users to "questions for mahara on Ubuntu", even if mahara is not available in Ubuntu any more. In my opinion this does not make sense.

I guess you had better visit https://mahara.org/interaction/forum/index.php?group=1
