CVE-2023-47799
BaseFortify
Publication date: 2025-08-25
Last updated on: 2025-09-05
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mahara | mahara | to 22.10.4 (exc) |
| mahara | mahara | From 23.04.0 (inc) to 23.04.4 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Mahara versions before 22.10.4 and 23.x before 23.04.4 occurs when using the experimental HTML bulk export feature via the administration interface or CLI. The exported files given to account holders may contain images belonging to other account holders because the cache is not cleared after exporting files for one account, leading to unintended information disclosure.
How can this vulnerability impact me?
The vulnerability can lead to unintended disclosure of images from other users' accounts when exporting data, potentially exposing private or sensitive information to unauthorized account holders.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, avoid using the experimental HTML bulk export feature via the administration interface or CLI until you upgrade to Mahara version 22.10.4 or 23.04.4 or later, where the issue is fixed. Ensure that export files are not shared with account holders until the cache clearing issue is resolved.