Medium severity4.3NVD Advisory· Published Nov 3, 2017· Updated May 13, 2026
CVE-2017-1000155
CVE-2017-1000155
Description
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to profile pictures being accessed without any access control checks consequently allowing any of a user's uploaded profile pictures to be viewable by anyone, whether or not they were currently selected as the "default" or used in any pages.
Affected products
18cpe:2.3:a:mahara:mahara:15.04.0:*:*:*:*:*:*:*+ 17 more
- cpe:2.3:a:mahara:mahara:15.04.0:*:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:15.04.1:*:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:15.04.2:*:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:15.04.3:*:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:15.04.4:*:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:15.04.5:*:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:15.04.6:*:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:15.04.7:*:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:15.04:rc1:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:15.04:rc2:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:15.10.0:*:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:15.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:15.10.2:*:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:15.10.3:*:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:16.04.0:*:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:16.04.1:*:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:16.04:rc1:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:16.04:rc2:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- bugs.launchpad.net/mahara/+bug/1600069nvdExploitIssue TrackingPatchThird Party Advisory
News mentions
0No linked articles in our index yet.