|Category:||Ubuntu Local Security Checks|
|Title:||Ubuntu: Security Advisory for gosa (USN-4609-1)|
|Summary:||The remote host is missing an update for the 'gosa' package(s) announced via the USN-4609-1 advisory.|
Fabian Henneke discovered that GOsa incorrectly handled client cookies. An
authenticated user could exploit this with a crafted cookie to perform
file deletions in the context of the user account that runs the web
It was discovered that GOsa incorrectly handled user access control. A
remote attacker could use this issue to log into any account with a
username containing the word 'success'. (CVE-2019-11187)
Fabian Henneke discovered that GOsa was vulnerable to cross-site scripting
attacks via the change password form. A remote attacker could use this
flaw to run arbitrary web scripts. (CVE-2018-1000528)
'gosa' package(s) on Ubuntu 16.04 LTS.
Please install the updated package(s).
Common Vulnerability Exposure (CVE) ID: CVE-2019-14466
Common Vulnerability Exposure (CVE) ID: CVE-2019-11187
Common Vulnerability Exposure (CVE) ID: CVE-2018-1000528
|Copyright||Copyright (C) 2020 Greenbone Networks GmbH|