{
  "affected": [
    {
      "ranges": [
        {
          "database_specific": {
            "versions": [
              {
                "introduced": "21.04.0"
              },
              {
                "fixed": "21.04.6"
              },
              {
                "introduced": "21.10.0"
              },
              {
                "fixed": "21.10.4"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "22.04.2"
              }
            ]
          },
          "events": [
            {
              "introduced": "359597b32c7afe52339422a91f14256e17b33dfc"
            },
            {
              "fixed": "da70ffe6f905070c6cd77e0bb5db08743b5d6013"
            },
            {
              "introduced": "9b0da78a1f8585b142a372d422bf5d9a36e1450d"
            },
            {
              "fixed": "797a3743980c96a7579e43e0f271f2298c8a9193"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "dab8850ef93f62f5c6d91d9f15ff3d8c5c7d2a49"
            }
          ],
          "repo": "https://github.com/maharaproject/mahara",
          "type": "GIT"
        }
      ]
    }
  ],
  "details": "In Mahara 21.04 before 21.04.6, 21.10 before 21.10.4, and 22.04.2, files can sometimes be downloaded through thumb.php with no permission check.",
  "id": "CVE-2022-33913",
  "modified": "2026-03-13T21:47:03.699339126Z",
  "published": "2022-06-20T16:15:08.040Z",
  "references": [
    {
      "type": "REPORT",
      "url": "https://mahara.org/interaction/forum/topic.php?id=9138"
    }
  ],
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}