CVE-2011-1403

High

Description

Cross-site request forgery (CSRF) vulnerability in the pieforms implementation in Mahara before 1.3.6 allows remote attackers to hijack the authentication of arbitrary users for requests to any form, related to inappropriate regeneration of session keys.

References

https://launchpad.net/mahara/+milestone/1.3.6

https://launchpad.net/mahara/+bug/771598

https://exchange.xforce.ibmcloud.com/vulnerabilities/67398

http://www.securityfocus.com/bid/47798

http://www.debian.org/security/2011/dsa-2246

http://secunia.com/advisories/44433

Details

Source: Mitre, NVD

Published: 2011-05-13

Updated: 2017-08-17

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High