mahara-packaging team mailing list archive

Thread
Date

[Question #703683]: Hello, what is the status of CVE-2020-23052 and CVE-2021-29349. Is it true, that no solution is / will be available?

To: mahara-packaging@xxxxxxxxxxxxxxxxxxx
From: Green Bone <question703683@xxxxxxxxxxxxxxxxxxxxx>
Date: Wed, 02 Nov 2022 09:40:55 -0000
Reply-to: question703683@xxxxxxxxxxxxxxxxxxxxx
Sender: noreply@xxxxxxxxxxxxx

New question #703683 on mahara in Ubuntu:
https://answers.launchpad.net/ubuntu/+source/mahara/+question/703683

CVE-2020-23052: 
Mahara is prone to a cross-site scripting (XSS) vulnerability in the component groupfiles.php via the Number and Description parameters.

CVE-2021-29349:
Mahara is prone to a cross-site request forgery (CSRF) vulnerability that allows a remote attacker to remove inbox-mail on the server. The application fails to validate the CSRF token for a POST request.

If this is already fixed, please let me know with which version, and in general where to look up such information

-- 
You received this question notification because your team Mahara
Packaging is an answer contact for mahara in Ubuntu.