** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2011-4118
-- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. https://bugs.launchpad.net/bugs/884223 Title: Administrators masquerading as other users can jump to remote XMLRPC applications as that other user Status in Mahara ePortfolio: Fix Released Status in Mahara 1.3 series: Fix Released Bug description: With MNet set up, if a user logs in as another user, and jumps to an XMLRPC target, they're logged in to that target as the child user in the login as. This really shouldn't be the case. If a two application are joined but have different administrators, then this would potentially allow for privilege escalation. If the local application administrator knows of an account which is an administrator on a remote application, then they could log in as that user on the local application, and jump to the remote application thereby escalating their privileges. To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/884223/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~mahara-contributors Post to : [email protected] Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
