CVE-2017-1000152 | Vulnerability Database | Aqua Security

Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 running PHP 5.3 are vulnerable to one user being logged in as another user on a separate computer as the same session ID is served. This situation can occur when a user takes an action that forces another user to be logged out of Mahara, such as an admin changing another users account settings.

Affected Software

Name	Vendor	Start Version	End Version
Mahara	Mahara	15.04-rc1 (including)	15.04-rc1 (including)
Mahara	Mahara	15.04-rc2 (including)	15.04-rc2 (including)
Mahara	Mahara	15.04.0 (including)	15.04.0 (including)
Mahara	Mahara	15.04.1 (including)	15.04.1 (including)
Mahara	Mahara	15.04.2 (including)	15.04.2 (including)
Mahara	Mahara	15.04.3 (including)	15.04.3 (including)
Mahara	Mahara	15.04.4 (including)	15.04.4 (including)
Mahara	Mahara	15.04.5 (including)	15.04.5 (including)
Mahara	Mahara	15.04.6 (including)	15.04.6 (including)

References

https://bugs.launchpad.net/mahara/+bug/1570744
https://bugs.launchpad.net/mahara/+bug/1570744

NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-1000152
CWE	https://cwe.mitre.org/data/definitions/.html