Information Disclosure in Mahara Software by Catalyst IT
CVE-2023-47799

7.5 HIGH

Key Information:

Status
Vendor
CVE Published: 25 August 2025

What is CVE-2023-47799?

Mahara versions prior to 22.10.4 and 23.x prior to 23.04.4 are affected by an information disclosure vulnerability. It arises when the experimental HTML bulk export feature is used through the administration interface or the command-line interface (CLI). Because the caching mechanism fails to clear data after each export, exported files that are given to account holders may reveal images or information belonging to other users. The issue affects user privacy and data protection, and affected installations should be updated to a fixed version.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
