{"id":"CVE-2017-1000150","details":"Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 are vulnerable to prevent session IDs from being regenerated on login or logout. This makes users of the site more vulnerable to session fixation attacks.","modified":"2026-04-10T03:54:35.742380Z","published":"2017-11-03T18:29:00.903Z","references":[{"type":"FIX","url":"https://bugs.launchpad.net/mahara/+bug/1567784"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/maharaproject/mahara","events":[{"introduced":"0"},{"last_affected":"48a238a2f76a7ea322580fe93b7c026becd9acce"},{"introduced":"0"},{"last_affected":"39ac3f76ea3981e204aca4f25a6d60bd988094f0"},{"introduced":"0"},{"last_affected":"9b217d5c0da7118a8c9d668794a3869d85276534"},{"introduced":"0"},{"last_affected":"71a160b12bcde1bd3569377c8e010436228aaf5f"},{"introduced":"0"},{"last_affected":"3b3d3e3cd03d1663da0b0e3826fcdff13f488886"},{"introduced":"0"},{"last_affected":"44ebd0f0993352955f7971920fa8ca231e6a8bb9"},{"introduced":"0"},{"last_affected":"d527a5edeb6087fd94956e1e3e18bcf4a432540d"},{"introduced":"0"},{"last_affected":"53ee40015a2363a6c5c3d3cccc3fb35e27a7abb0"},{"introduced":"0"},{"last_affected":"eea43577f7952fcfef7cbaf61b87cce1bdcdb8dd"},{"introduced":"0"},{"last_affected":"b5fe2b35e1a12171feeb6a9d15e9308ea5787fe1"},{"introduced":"0"},{"last_affected":"2c77126e11080109b24fb7068b57f236ee9d3a2d"},{"introduced":"0"},{"last_affected":"3c718e63ed2b6d3d351d38d94c7008ee880ad655"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"15.04-rc1"},{"introduced":"0"},{"last_affected":"15.04-rc2"},{"introduced":"0"},{"last_affected":"15.04.0"},{"introduced":"0"},{"last_affected":"15.04.1"},{"introduced":"0"},{"last_affected":"15.04.2"},{"introduced":"0"},{"last_affected":"15.04.3"},{"introduced":"0"},{"last_affected":"15.04.4"},{"introduced":"0"},{"last_affected":"15.04.5"},{"introduced":"0"},{"last_affected":"15.04.6"},{"introduced":"0"},{"last_affected":"15.10.0"},{"introduced":"0"},{"last_affected":"15.10.1"},{"introduced":"0"},{"last_affected":"15.10.2"}]}}],"versions":["1.0.0ALPHA1_RELEASE","1.0.0ALPHA2_RELEASE","1.0.0BETA2_RELEASE","1.1.0ALPHA1_RELEASE","1.1.0ALPHA2_RELEASE","1.1.0ALPHA3_RELEASE","1.1.0BETA2_RELEASE","1.1.0BETA4_RELEASE","1.2.0ALPHA2_RELEASE","1.2.0ALPHA3_RELEASE","1.3.0BETA1_RELEASE","1.3.0BETA2_RELEASE","1.4.0ALPHA1_RELEASE","1.7RC1_RELEASE","1.8RC1_RELEASE","1.8RC2_RELEASE","15.04.0_RELEASE","15.04.1_RELEASE","15.04.2_RELEASE","15.04.3_RELEASE","15.04.4_RELEASE","15.04.5_RELEASE","15.04.6_RELEASE","15.04RC1_RELEASE","15.04RC2_RELEASE","15.10.0_RELEASE","15.10.1_RELEASE","15.10.2_RELEASE","15.10RC1_RELEASE","15.10RC2_RELEASE"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000150.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}