{"id":"CVE-2017-1000136","details":"Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable to old sessions not being invalidated after a password change.","modified":"2026-04-10T03:56:00.970563Z","published":"2017-11-03T18:29:00.387Z","references":[{"type":"FIX","url":"https://bugs.launchpad.net/mahara/+bug/1363873"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/maharaproject/mahara","events":[{"introduced":"0"},{"last_affected":"c97ba68462a8fad83036d1b896a1e412729604ee"},{"introduced":"0"},{"last_affected":"604f1385745ab72561e0bbe6a638155c7ea349bf"},{"introduced":"0"},{"last_affected":"d48a2752a7bd79468915295e40530feef75ceeda"},{"introduced":"0"},{"last_affected":"1bf2cd2c62d191573aa118f9b5e382badd9d7f7f"},{"introduced":"0"},{"last_affected":"1960a70b7b0c42a600d7e0cb3b1812ce4a2cc83b"},{"introduced":"0"},{"last_affected":"6b198414484a5cde0b84af1d4d581184faa81e53"},{"introduced":"0"},{"last_affected":"ad61ae402fb169cc8081b98e5a2e6822d362b22e"},{"introduced":"0"},{"last_affected":"048e62ab06cc56febc61ca78655bc6ff156b84cd"},{"introduced":"0"},{"last_affected":"91a483f6f5f2b9fb09bc33c4c98cea66581587cc"},{"introduced":"0"},{"last_affected":"ccbf63bbaf768784757dd8b7a6e3841eb55ad9cd"},{"introduced":"0"},{"last_affected":"01d7c8e0fa6ad9d06fd8de8f25dbc8e299373216"},{"introduced":"0"},{"last_affected":"5565883f64ce37a7e1313b91c2862e8b837101c4"},{"introduced":"0"},{"last_affected":"776a4bab9a37273823ef081fab1357d7c0cf91e8"},{"introduced":"0"},{"last_affected":"2f5c68b907e43feb45f419665d221d78510d6cce"},{"introduced":"0"},{"last_affected":"f670d266749f243f82da7e707cad564a79a3dfe4"},{"introduced":"0"},{"last_affected":"48a238a2f76a7ea322580fe93b7c026becd9acce"},{"introduced":"0"},{"last_affected":"39ac3f76ea3981e204aca4f25a6d60bd988094f0"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.8-rc1"},{"introduced":"0"},{"last_affected":"1.8-rc2"},{"introduced":"0"},{"last_affected":"1.8.0"},{"introduced":"0"},{"last_affected":"1.8.1"},{"introduced":"0"},{"last_affected":"1.8.2"},{"introduced":"0"},{"last_affected":"1.8.3"},{"introduced":"0"},{"last_affected":"1.8.4"},{"introduced":"0"},{"last_affected":"1.8.5"},{"introduced":"0"},{"last_affected":"1.9-rc1"},{"introduced":"0"},{"last_affected":"1.9.0"},{"introduced":"0"},{"last_affected":"1.9.1"},{"introduced":"0"},{"last_affected":"1.9.2"},{"introduced":"0"},{"last_affected":"1.9.3"},{"introduced":"0"},{"last_affected":"1.10-rc1"},{"introduced":"0"},{"last_affected":"1.10.0"},{"introduced":"0"},{"last_affected":"15.04-rc1"},{"introduced":"0"},{"last_affected":"15.04-rc2"}]}}],"versions":["1.0.0ALPHA1_RELEASE","1.0.0ALPHA2_RELEASE","1.0.0BETA2_RELEASE","1.1.0ALPHA1_RELEASE","1.1.0ALPHA2_RELEASE","1.1.0ALPHA3_RELEASE","1.1.0BETA2_RELEASE","1.1.0BETA4_RELEASE","1.10.0_RELEASE","1.10RC1_RELEASE","1.2.0ALPHA2_RELEASE","1.2.0ALPHA3_RELEASE","1.3.0BETA1_RELEASE","1.3.0BETA2_RELEASE","1.4.0ALPHA1_RELEASE","1.7RC1_RELEASE","1.8.0_RELEASE","1.8.1_RELEASE","1.8.2_RELEASE","1.8.3_RELEASE","1.8.4_RELEASE","1.8.5_RELEASE","1.8RC1_RELEASE","1.8RC2_RELEASE","1.9.0_RELEASE","1.9.1_RELEASE","1.9.2_RELEASE","1.9.3_RELEASE","1.9RC1_RELEASE","15.04RC1_RELEASE","15.04RC2_RELEASE"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000136.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}]}