{ "affected": [ { "database_specific": { "unresolved_ranges": [ { "events": [ { "introduced": "0" }, { "last_affected": "22.04.0-rc1" } ] } ] }, "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "fixed": "20.10.5" }, { "introduced": "21.04.0" }, { "fixed": "21.04.4" }, { "introduced": "21.10.0" }, { "fixed": "21.10.2" } ] }, "events": [ { "introduced": "0" }, { "fixed": "5e19936332bcbbaf29d6fb5709182076840a83ee" }, { "introduced": "359597b32c7afe52339422a91f14256e17b33dfc" }, { "fixed": "3785940dbcd2bbdce534dcff7abdc2dd73c1b9ed" }, { "introduced": "9b0da78a1f8585b142a372d422bf5d9a36e1450d" }, { "fixed": "46808bee1dd5d5c925701d72df235529823eb997" } ], "repo": "https://github.com/maharaproject/mahara", "type": "GIT" } ] } ], "details": "Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 is vulnerable to Cross Site Request Forgery (CSRF) because randomly generated tokens are too easily guessable.", "id": "CVE-2022-28892", "modified": "2026-03-13T21:53:18.327192554Z", "published": "2022-04-28T16:15:08.393Z", "references": [ { "type": "ADVISORY", "url": "https://mahara.org/interaction/forum/topic.php?id=9094" }, { "type": "FIX", "url": "https://bugs.launchpad.net/mahara/+bug/1930171" } ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }