CVE-2023-47799

Mahara before 22.10.4 and 23.x before 23.04.4 allows information disclosure if the experimental HTML bulk export is used via the administration interface or via the CLI, and the resulting export files are given to the account holders. They may contain images of other account holders because the cache is not cleared after the files of one account are exported.
Configurations

Configuration 1

OR cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*

History

05 Sep 2025, 17:05

Type | Values Removed | Values Added
Summary | | (es) Mahara versions before 22.10.4, and 23.x versions before 23.04.4, allow information disclosure if the experimental HTML bulk export is used via the administration interface or the CLI, and the resulting export files are given to the account holders. They may contain images of other account holders because the cache is not cleared after the files of one account are exported.
CPE | | cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*
First Time | | Mahara; Mahara mahara
References | () https://git.mahara.org/catalyst-security/mahara-security/-/issues/2 - | () https://git.mahara.org/catalyst-security/mahara-security/-/issues/2 - Broken Link
References | () https://mahara.org/interaction/forum/topic.php?id=9353 - | () https://mahara.org/interaction/forum/topic.php?id=9353 - Vendor Advisory

25 Aug 2025, 21:15

Type | Values Removed | Values Added
CVSS | v2 : unknown, v3 : unknown | v2 : unknown, v3 : 7.5
CWE | | CWE-200

25 Aug 2025, 14:15

Type | Values Removed | Values Added
New CVE | |

Information

Published : 2025-08-25 14:15

Updated : 2025-09-05 17:05


NVD link : CVE-2023-47799

Mitre link : CVE-2023-47799

CVE.ORG link : CVE-2023-47799



Products Affected

mahara

  • mahara
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor