cpe:/a:mahara:mahara:15.04:rc1 cpe:/a:mahara:mahara:15.04:rc2 cpe:/a:mahara:mahara:15.04.0 cpe:/a:mahara:mahara:15.04.1 cpe:/a:mahara:mahara:15.04.2 cpe:/a:mahara:mahara:15.04.3 cpe:/a:mahara:mahara:15.04.4 cpe:/a:mahara:mahara:15.04.5 cpe:/a:mahara:mahara:15.04.6 cpe:/a:mahara:mahara:15.10.0 cpe:/a:mahara:mahara:15.10.1 cpe:/a:mahara:mahara:15.10.2 CVE-2017-1000150 2017-11-03T14:29:00.903-04:00 2017-11-13T11:00:11.867-05:00 6.5 NETWORK LOW SINGLE_INSTANCE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2017-11-12T18:59:55.603-05:00 MISC https://bugs.launchpad.net/mahara/+bug/1567784 Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 are vulnerable to prevent session IDs from being regenerated on login or logout. This makes users of the site more vulnerable to session fixation attacks.