 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.845415 |
| Category: | Ubuntu Local Security Checks |
| Title: | Ubuntu: Security Advisory (USN-5482-1) |
| Summary: | The remote host is missing an update for the 'spip' package(s) announced via the USN-5482-1 advisory. |
| Description: | Summary: The remote host is missing an update for the 'spip' package(s) announced via the USN-5482-1 advisory. Vulnerability Insight: It was discovered that SPIP incorrectly validated inputs. An authenticated attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2020-28984) Charles Fol and Theo Gordyjan discovered that SPIP is vulnerable to Cross Site Scripting (XSS). If a user were tricked into browsing a malicious SVG file, an attacker could possibly exploit this issue to execute arbitrary code. This issue was only fixed in Ubuntu 21.10. (CVE-2021-44118, CVE-2021-44120, CVE-2021-44122, CVE-2021-44123) It was discovered that SPIP incorrectly handled certain forms. A remote authenticated editor could possibly use this issue to execute arbitrary code, and a remote unauthenticated attacker could possibly use this issue to obtain sensitive information. (CVE-2022-26846, CVE-2022-26847) Affected Software/OS: 'spip' package(s) on Ubuntu 18.04, Ubuntu 21.10. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2020-28984 Debian Security Information: DSA-4798 (Google Search) https://www.debian.org/security/2020/dsa-4798 https://git.spip.net/spip/spip/commit/ae4267eba1022dabc12831ddb021c5d6e09040f8 https://git.spip.net/spip/spip/compare/v3.2.7...v3.2.8 https://lists.debian.org/debian-lts-announce/2020/12/msg00036.html Common Vulnerability Exposure (CVE) ID: CVE-2021-44118 https://git.spip.net/spip/medias/commit/13c293fabd35e2c152379522c29432423936cbba https://git.spip.net/spip/spip/commit/1cf91def15966406ddd0488cf9d1ecd1ae82d47a https://git.spip.net/spip/spip/commit/4ccf90a6912d7fab97e1bd5619770c9236cc7357 Common Vulnerability Exposure (CVE) ID: CVE-2021-44120 https://git.spip.net/spip/spip/commit/d548391d799387d1e93cf1a369d385c72f7d5c81 Common Vulnerability Exposure (CVE) ID: CVE-2021-44122 https://git.spip.net/spip/spip/commit/1b8e4f404c2441c15ca6540b9a6d8e50cff219db Common Vulnerability Exposure (CVE) ID: CVE-2021-44123 Common Vulnerability Exposure (CVE) ID: CVE-2022-26846 https://blog.spip.net/Mise-a-jour-critique-de-securite-sorties-de-SPIP-4-0-5-et-SPIP-3-2-14.html https://git.spip.net/spip/medias/commit/3014b845da2dd8ad15ff04b50fd9dbba388a9ca2 https://lists.debian.org/debian-security-announce/2022/msg00060.html https://lists.debian.org/debian-lts-announce/2022/03/msg00020.html Common Vulnerability Exposure (CVE) ID: CVE-2022-26847 |
| Copyright | Copyright (C) 2022 Greenbone AG |
| This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |