{"id":"CVE-2017-1000131","details":"Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to users staying logged in to their Mahara account even when they have been logged out of Moodle (when using MNet) as Mahara did not properly implement one of the MNet SSO API functions.","modified":"2026-03-14T09:23:48.778244Z","published":"2017-11-03T18:29:00.200Z","references":[{"type":"FIX","url":"https://bugs.launchpad.net/mahara/+bug/1084336"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/maharaproject/mahara","events":[{"introduced":"0"},{"last_affected":"48a238a2f76a7ea322580fe93b7c026becd9acce"},{"introduced":"0"},{"last_affected":"39ac3f76ea3981e204aca4f25a6d60bd988094f0"},{"introduced":"0"},{"last_affected":"9b217d5c0da7118a8c9d668794a3869d85276534"},{"introduced":"0"},{"last_affected":"71a160b12bcde1bd3569377c8e010436228aaf5f"},{"introduced":"0"},{"last_affected":"3b3d3e3cd03d1663da0b0e3826fcdff13f488886"},{"introduced":"0"},{"last_affected":"44ebd0f0993352955f7971920fa8ca231e6a8bb9"},{"introduced":"0"},{"last_affected":"d527a5edeb6087fd94956e1e3e18bcf4a432540d"},{"introduced":"0"},{"last_affected":"53ee40015a2363a6c5c3d3cccc3fb35e27a7abb0"},{"introduced":"0"},{"last_affected":"eea43577f7952fcfef7cbaf61b87cce1bdcdb8dd"},{"introduced":"0"},{"last_affected":"8f8c729b91c4db1b11a43ed9248385702608e6db"},{"introduced":"0"},{"last_affected":"c4f30a389c34a2177a7f2aa60a69b2494c5f08fa"},{"introduced":"0"},{"last_affected":"131e345b6847f10cb4a59ca4c748224d8bbe3cab"},{"introduced":"0"},{"last_affected":"6151bb5fea5811277d051a81865b946d76a92fba"},{"introduced":"0"},{"last_affected":"bc9308e5d855dc04dc81990c2901b6e0b6e98102"},{"introduced":"0"},{"last_affected":"b5fe2b35e1a12171feeb6a9d15e9308ea5787fe1"},{"introduced":"0"},{"last_affected":"2c77126e11080109b24fb7068b57f236ee9d3a2d"},{"introduced":"0"},{"last_affected":"3c718e63ed2b6d3d351d38d94c7008ee880ad655"},{"introduced":"0"},{"last_affected":"1c2f89f8ee9dd8dba44594e8d50a4d47380eec9e"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"15.04-rc1"},{"introduced":"0"},{"last_affected":"15.04-rc2"},{"introduced":"0"},{"last_affected":"15.04.0"},{"introduced":"0"},{"last_affected":"15.04.1"},{"introduced":"0"},{"last_affected":"15.04.2"},{"introduced":"0"},{"last_affected":"15.04.3"},{"introduced":"0"},{"last_affected":"15.04.4"},{"introduced":"0"},{"last_affected":"15.04.5"},{"introduced":"0"},{"last_affected":"15.04.6"},{"introduced":"0"},{"last_affected":"15.04.7"},{"introduced":"0"},{"last_affected":"16.04-rc1"},{"introduced":"0"},{"last_affected":"16.04-rc2"},{"introduced":"0"},{"last_affected":"16.04.0"},{"introduced":"0"},{"last_affected":"16.04.1"},{"introduced":"0"},{"last_affected":"15.10.0"},{"introduced":"0"},{"last_affected":"15.10.1"},{"introduced":"0"},{"last_affected":"15.10.2"},{"introduced":"0"},{"last_affected":"15.10.3"}]}}],"versions":["1.0.0ALPHA1_RELEASE","1.0.0ALPHA2_RELEASE","1.0.0BETA1_RELEASE","1.0.0BETA2_RELEASE","1.1.0ALPHA1_RELEASE","1.1.0ALPHA2_RELEASE","1.1.0ALPHA3_RELEASE","1.1.0BETA1_RELEASE","1.1.0BETA2_RELEASE","1.1.0BETA3_RELEASE","1.1.0BETA4_RELEASE","1.2.0ALPHA1_RELEASE","1.2.0ALPHA2_RELEASE","1.2.0ALPHA3_RELEASE","1.2.0BETA1_RELEASE","1.2.0BETA2_RELEASE","1.2.0BETA3_RELEASE","1.2.0BETA4_RELEASE","1.2.0RC1_RELEASE","1.3.0BETA1_RELEASE","1.3.0BETA2_RELEASE","1.3.0BETA3_RELEASE","1.3.0BETA4_RELEASE","1.4.0ALPHA1_RELEASE","1.7RC1_RELEASE","1.8RC1_RELEASE","1.8RC2_RELEASE","15.04RC1_RELEASE","15.10.0_RELEASE","15.10RC1_RELEASE","15.10RC2_RELEASE","16.04RC1_RELEASE"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000131.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}]}