CVE-2022-28892

8.8 HIGH

📋 TL;DR

This CSRF vulnerability in Mahara allows attackers to trick authenticated users into performing unintended actions, because the anti-CSRF tokens are generated from easily guessable random values. All Mahara instances running vulnerable versions are affected, potentially allowing attackers to modify user data, change permissions, or perform administrative actions.

💻 Affected Systems

Products:
  • Mahara
Versions: All versions before 20.10.5, 21.04.4, 21.10.2, and 22.04.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All Mahara installations with vulnerable versions are affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could gain administrative access, modify all user accounts, steal sensitive data, or completely compromise the Mahara instance.

🟠 Likely Case

Attackers trick users into changing their own profile settings, modifying portfolio content, or performing limited administrative actions.

🟢 If Mitigated

With proper CSRF protections and user awareness, impact is limited to failed attack attempts with no successful exploitation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires user interaction (a logged-in user must be lured into sending a forged request), but otherwise relies on standard CSRF techniques, since the tokens are predictable rather than unguessable.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 20.10.5, 21.04.4, 21.10.2, or 22.04.0

Vendor Advisory: https://mahara.org/interaction/forum/topic.php?id=9094

Restart Required: No

Instructions:

1. Backup your Mahara installation and database.
2. Download the appropriate patched version from mahara.org.
3. Replace the vulnerable files with patched versions.
4. Clear caches if applicable.

🔧 Temporary Workarounds

CSRF Token Validation Enhancement (all)

Implement additional CSRF token validation checks in application code

Web Application Firewall Rules (all)

Configure WAF to detect and block CSRF attack patterns

🧯 If You Can't Patch

  • Implement strict SameSite cookie policies and additional CSRF protection headers
  • Educate users about CSRF risks and implement manual confirmation for sensitive actions
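The two workarounds above (additional token validation in application code, and SameSite cookie policies) are shown together in this added example. It is not Mahara's code and does not reflect how Mahara generates or checks its tokens; the session dict, form and header names, the cookie name mahara_session and the site origin are assumptions made for the example. The token is drawn from the OS CSPRNG, compared in constant time, and the request is additionally required to originate from the site, so a forged cross-site POST fails even if the token itself were guessed.

```python
"""Added example (not Mahara's own code): unguessable per-session CSRF tokens,
constant-time validation, an origin check, and a SameSite session cookie."""
import hmac
import secrets
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

TOKEN_BYTES = 32  # 256 bits from the OS CSPRNG, never from a seeded PRNG


def issue_token(session: dict) -> str:
    """Create (or reuse) one unguessable CSRF token per session."""
    if "csrf_token" not in session:
        session["csrf_token"] = secrets.token_hex(TOKEN_BYTES)
    return session["csrf_token"]


def same_origin(url: str, site_origin: str) -> bool:
    """True only if scheme and host of `url` equal those of our site."""
    a, b = urlsplit(url), urlsplit(site_origin)
    return bool(a.netloc) and (a.scheme, a.netloc) == (b.scheme, b.netloc)


def validate_request(session: dict, form: dict, headers: dict, site_origin: str) -> bool:
    """Accept a state-changing request only if the submitted token matches the
    session token (constant-time compare) AND the request comes from our site.
    `session`, `form` and `headers` are plain dicts standing in for a framework."""
    expected = session.get("csrf_token")
    submitted = form.get("csrf_token", "")
    if not expected or not hmac.compare_digest(expected, submitted):
        return False
    # Browsers send Origin on cross-site POSTs; fall back to Referer otherwise.
    origin = headers.get("Origin") or headers.get("Referer", "")
    return same_origin(origin, site_origin)


def session_cookie_header(session_id: str) -> str:
    """Set-Cookie value for the (hypothetical) session cookie with SameSite,
    HttpOnly and Secure set, so cross-site POSTs carry no session cookie."""
    c = SimpleCookie()
    c["mahara_session"] = session_id
    c["mahara_session"]["samesite"] = "Lax"
    c["mahara_session"]["httponly"] = True
    c["mahara_session"]["secure"] = True
    c["mahara_session"]["path"] = "/"
    return c.output(header="").strip()


if __name__ == "__main__":
    sess = {}
    tok = issue_token(sess)
    print(session_cookie_header("constructed-session-id"))
    print(validate_request(sess, {"csrf_token": tok},
                           {"Origin": "https://mahara.example"}, "https://mahara.example"))
    print(validate_request(sess, {"csrf_token": tok},
                           {"Referer": "https://attacker.example/form"}, "https://mahara.example"))
```

The origin check is a second, independent control: a WAF rule of the kind listed under Temporary Workarounds can apply the same test (Origin/Referer must match the site) in front of the application without touching Mahara's code.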

🔍 How to Verify

Check if Vulnerable:

Check the Mahara version in the admin panel or in the version.php file

Check Version:

grep -i 'version' /path/to/mahara/version.php

Verify Fix Applied:

Verify that the installed version is 20.10.5, 21.04.4, 21.10.2, or 22.04.0, or a later release in the same series

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed CSRF token validations from same IP
  • Unusual administrative actions from regular users

Network Indicators:

  • POST requests whose Referer header is missing or does not match the Mahara site
  • Requests with predictable token patterns

SIEM Query:

source="mahara_logs" AND (message="CSRF token validation failed" OR message="Invalid token")
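The first log indicator above (multiple failed CSRF token validations from the same IP) is implemented here as an added example; it is not part of the advisory and not Mahara's logging code. The log lines are constructed and their key=value layout is invented for the example, so the regex must be adapted to the real application or web-server log format. The failure messages matched are the two named in the SIEM query.

```python
"""Added example (not from the advisory): flag IPs that produce repeated CSRF
validation failures within a sliding time window, over constructed log lines."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical format (not Mahara's real output).
SAMPLE_LOG = """\
2022-04-20T10:00:01Z ip=203.0.113.5 user=alice msg="CSRF token validation failed"
2022-04-20T10:00:03Z ip=203.0.113.5 user=alice msg="Invalid token"
2022-04-20T10:00:04Z ip=198.51.100.9 user=bob msg="login ok"
2022-04-20T10:00:07Z ip=203.0.113.5 user=carol msg="CSRF token validation failed"
2022-04-20T10:09:30Z ip=198.51.100.9 user=bob msg="CSRF token validation failed"
2022-04-20T10:30:00Z ip=203.0.113.5 user=alice msg="CSRF token validation failed"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) msg="(?P<msg>[^"]*)"$'
)
# The two messages the SIEM query above looks for.
FAILURE_MESSAGES = {"CSRF token validation failed", "Invalid token"}


def parse_line(line):
    """Return (timestamp, ip, user, message) or None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ts, m["ip"], m["user"], m["msg"]


def find_csrf_bursts(log_text, threshold=3, window=timedelta(minutes=5)):
    """Return {ip: time_of_first_alert} for every IP that logs at least
    `threshold` CSRF failures inside any span of length `window`.
    A per-IP deque holds only the timestamps still inside the window."""
    recent = defaultdict(deque)
    alerts = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, ip, _user, msg = rec
        if msg not in FAILURE_MESSAGES:
            continue
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()  # drop failures that have aged out of the window
        if len(q) >= threshold and ip not in alerts:
            alerts[ip] = ts
    return alerts


if __name__ == "__main__":
    for ip, when in find_csrf_bursts(SAMPLE_LOG).items():
        print(f"ALERT {when.isoformat()} repeated CSRF failures from {ip}")
```

On the sample data only 203.0.113.5 is flagged (three failures within six seconds); its later single failure at 10:30 falls outside the window and does not re-trigger, and 198.51.100.9 never reaches the threshold. Threshold and window are the tuning knobs; a legitimate user with a stale form tab produces an occasional single failure, not a burst.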
