Headline
CVE-2020-9386: Mahara ePortfolio System
In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, file metadata information is disclosed to group members in the Elasticsearch result list despite them not having access to that artefact anymore.
Create portfolios
Using Mahara, students and staff create their personal learning stories by uploading evidence of activities they have participated in, and embedding publicly accessible content they have previously put online. They can write reflections on their experiences that frame this evidence, map it to competencies or registration requirements, and provide necessary context.
Mahara can be used for many different portfolio purposes, such as study, professional development, work-integrated learning, assessment, showcase and presentation, and employability.
Learn about the portfolio options