Mahara Information Disclosure Vulnerability in HTML Bulk Export

Vulnerability

A vulnerability allowing information disclosure exists in Mahara versions prior to 22.10.4 and 23.x prior to 23.04.4. This issue arises when the experimental HTML bulk export feature is used through the administration interface or the command line interface (CLI). The exported files may contain images of other account holders, as the cache is not cleared after exporting files for one account.
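The failure mode described above, reduced to a simplified model of a bulk export loop that reuses one cache across accounts, next to the variant that clears it. This is an added example, not Mahara's code: the `BulkExporter` class, its `_image_cache`, the `foreign_images` audit helper and the account data are hypothetical and constructed for illustration.

```python
"""Simplified model of a shared export cache (constructed; not Mahara code)."""

# Constructed sample data: account -> {image filename: image bytes}
ACCOUNTS = {
    "alice": {"alice-avatar.png": b"A1"},
    "bob": {"bob-avatar.png": b"B1", "bob-scan.jpg": b"B2"},
    "carol": {},
}


class BulkExporter:
    def __init__(self, clear_cache_between_accounts):
        self.clear_cache = clear_cache_between_accounts
        self._image_cache = {}  # images staged while building an export

    def export_account(self, account):
        # Stage this account's images, then package everything that is staged.
        for name, data in ACCOUNTS[account].items():
            self._image_cache[name] = data
        package = dict(self._image_cache)
        if self.clear_cache:
            # Hardened behaviour: nothing staged survives into the next account.
            self._image_cache.clear()
        return package

    def export_all(self, accounts):
        return {account: self.export_account(account) for account in accounts}


def foreign_images(exports):
    """Audit: map each account to the files in its export that it does not own."""
    leaks = {}
    for account, package in exports.items():
        extra = sorted(set(package) - set(ACCOUNTS[account]))
        if extra:
            leaks[account] = extra
    return leaks


def run(clear_cache_between_accounts):
    order = ["alice", "bob", "carol"]
    exporter = BulkExporter(clear_cache_between_accounts)
    return foreign_images(exporter.export_all(order))


if __name__ == "__main__":
    print("cache kept between accounts:   ", run(False))
    print("cache cleared between accounts:", run(True))
```

In this model the first account exported receives nothing foreign, while every later account accumulates the images of all accounts processed before it, so an audit of bulk export output has to cover every package rather than a sample.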

Impact

Exploitation of this vulnerability could lead to unauthorized information disclosure, allowing account holders to access images of other users.

Remediation

Users are advised to update Mahara to the latest minor point release of their current version series. For those on unsupported versions, upgrading to a supported version is recommended. Extended security support is available for purchase as an add-on.

Added: Aug 25, 2025, 2:44 PM
Updated: Aug 25, 2025, 2:44 PM

Vulnerability Rating

Custom Algorithm
spread: 1.9
impact: 2.5
exploitability: 4.8
remediation: 7.7
relevance: 0.4
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.