Security Advisory

CVE-2017-1000153

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2017-11-03 18:00:00

Last updated 2024-08-05 21:53:07

Assigner mitre

State PUBLISHED

Description

Mahara 15.04 before 15.04.10 and 15.10 before 15.10.6 and 16.04 before 16.04.4 are vulnerable to incorrect access control after the password reset link is sent via email and then user changes default email, Mahara fails to invalidate old link.Consequently the link in email can be used to gain access to the users account.

← Browse all CVEs View on cve.org ↗