Mahara Information Disclosure Vulnerability in Database Connection Details

Vulnerability

An information disclosure vulnerability has been identified in Mahara versions prior to 24.04.9. This issue arises when the database becomes unreachable, such as during temporary downtime or high traffic. In such cases, sensitive database connection information, including the database host's IP address, database name, and database username, may be exposed.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive database connection information.

Remediation

Users are advised to update to Mahara version 24.04.9 or later. The update is available via the Mahara Git repository or as a downloadable package from the Mahara releases page. Instructions for updating Mahara can be found in the Mahara manual.
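One way to confirm the fix after upgrading is to capture the error page the site serves while the database is unreachable in a test environment and scan it for the connection values named above. The following is an added example, not part of the advisory or of Mahara's code; the function name, the setting keys and both sample pages are constructed for illustration and do not reproduce Mahara's actual error text.

```python
import html
import ipaddress
import re

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def find_db_leaks(body, db_settings):
    """Return sorted (kind, value) pairs for connection details found in body.

    db_settings maps a label (hypothetical keys: host, name, user) to the
    value configured for the site under test.
    """
    text = html.unescape(body)  # entities such as &#39; can hide a match
    findings = set()
    for kind, value in db_settings.items():
        if not value:
            continue
        # Match the value as a whole token so "app" does not hit "application".
        pattern = r"(?<![\w.-])" + re.escape(value) + r"(?![\w-])"
        if re.search(pattern, text):
            findings.add((kind, value))
    # Also flag any other internal address, in case the configured host is a
    # DNS name but the error text shows the resolved IP.
    for candidate in IPV4.findall(text):
        try:
            ip = ipaddress.ip_address(candidate)
        except ValueError:
            continue  # not a valid address, e.g. a version-like string
        if ip.is_private and ("host", candidate) not in findings:
            findings.add(("private-ip", candidate))
    return sorted(findings)


# Constructed sample data: settings and two error pages for a test site.
SETTINGS = {"host": "10.20.30.40", "name": "eportfolio_prod", "user": "mahara_app"}
LEAKY_PAGE = (
    "<h1>Site unavailable</h1><p>Failed to connect to database "
    "&#39;eportfolio_prod&#39; on host 10.20.30.40 as user mahara_app</p>"
)
GENERIC_PAGE = "<h1>Site unavailable</h1><p>Please try again later.</p>"

if __name__ == "__main__":
    for label, page in (("leaky", LEAKY_PAGE), ("generic", GENERIC_PAGE)):
        print(label, find_db_leaks(page, SETTINGS))
```

A database name that is also an ordinary word on the page (for example the product name) will produce a false positive, so review each finding against the rendered page.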

Added: Aug 26, 2025, 2:23 PM
Updated: Aug 26, 2025, 2:23 PM

Vulnerability Rating

Custom Algorithm

spread: 1.9
impact: 2.5
exploitability: 6.4
remediation: 7.7
relevance: 0.4
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.