CVE-2023-47799
CVE-2023-47799 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. Mahara before 22.10.4 and 23.x before 23.04.4 allows information disclosure if the experimental HTML bulk export is used via the administration interface or via the CLI, and the resulting export files are given to the account holders. They may contain images of other account holders because the cache is not cleared after the files of one account are exported. EPSS estimates a 0.38% chance of exploitation in the next 30 days.
Description
Mahara before 22.10.4 and 23.x before 23.04.4 allows information disclosure if the experimental HTML bulk export is used via the administration interface or via the CLI, and the resulting export files are given to the account holders. They may contain images of other account holders because the cache is not cleared after the files of one account are exported.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mahara | Mahara | < 22.10.4 |
| Mahara | Mahara | >= 23.04.0, < 23.04.4 |
Timeline
- Published
- Last Modified
- Status
- Analyzed
Source: NVD / NIST
