Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to a groups configuration page being editable by any group member even when they didnt have the admin role.
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Mahara | Mahara | 15.04-rc1 (including) | 15.04-rc1 (including) |
| Mahara | Mahara | 15.04-rc2 (including) | 15.04-rc2 (including) |
| Mahara | Mahara | 15.04.0 (including) | 15.04.0 (including) |
| Mahara | Mahara | 15.04.1 (including) | 15.04.1 (including) |
| Mahara | Mahara | 15.04.2 (including) | 15.04.2 (including) |
| Mahara | Mahara | 15.04.3 (including) | 15.04.3 (including) |
| Mahara | Mahara | 15.04.4 (including) | 15.04.4 (including) |
| Mahara | Mahara | 15.04.5 (including) | 15.04.5 (including) |
| Mahara | Mahara | 15.04.6 (including) | 15.04.6 (including) |
| Mahara | Mahara | 15.04.7 (including) | 15.04.7 (including) |
| Mahara | Mahara | 15.04.8 (including) | 15.04.8 (including) |