CVE-2022-42707 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2022-42707

CWE

https://cwe.mitre.org/data/definitions/NVD-Other.html

In Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0, embedded images are accessible without a sufficient permission check under certain conditions.

Affected Software

Name	Vendor	Start Version	End Version
Mahara	Mahara	21.04.0 (including)	21.04.7 (excluding)
Mahara	Mahara	21.10.0 (including)	21.10.5 (excluding)
Mahara	Mahara	22.04.0 (including)	22.04.3 (excluding)
Mahara	Mahara	22.10.0-rc1 (including)	22.10.0-rc1 (including)

References

https://bugs.launchpad.net/mahara/+bug/1991157
https://mahara.org/interaction/forum/topic.php?id=9199