oss-sec mailing list archives

CVE request: mahara


From: Moritz Muehlenhoff <jmm () debian org>
Date: Fri, 11 May 2012 22:06:14 +0200

Hi,
please assign a CVE ID for this issue in Mahara, which was released as 
http://www.debian.org/security/2012/dsa-2467:

| It was discovered that Mahara, the portfolio, weblog, and resume builder, 
| had an insecure default with regards to SAML-based authentication used 
| with more than one SAML identity provider. Someone with control over one 
| IdP could impersonate users from other IdP's.

Upstream bug is:
https://bugs.launchpad.net/mahara/+bug/932909

Upstream commit:
http://gitorious.org/mahara/mahara/commit/f07be6020e70fa8f53cd77fdcd63e7fd7ff8aaea

Cheers,
        Moritz

