Test ID:	1.3.6.1.4.1.25623.1.1.12.2024.6913.1
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-6913-1)
Summary:	The remote host is missing an update for the 'php-cas' package(s) announced via the USN-6913-1 advisory.
Description:	Summary: The remote host is missing an update for the 'php-cas' package(s) announced via the USN-6913-1 advisory. Vulnerability Insight: Filip Hejsek discovered that phpCAS was using HTTP headers to determine the service URL used to validate tickets. A remote attacker could possibly use this issue to gain access to a victim's account on a vulnerable CASified service. This security update introduces an incompatible API change. After applying this update, third party applications need to be modified to pass in an additional service base URL argument when constructing the client class. For more information please refer to the section 'Upgrading 1.5.0 -> 1.6.0' of the phpCAS upgrading document: [link moved to references] Affected Software/OS: 'php-cas' package(s) on Ubuntu 20.04, Ubuntu 22.04. Solution: Please install the updated package(s). CVSS Score: 9.0 CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2022-39369 https://github.com/apereo/phpCAS/security/advisories/GHSA-8q72-6qq8-xv64 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RUA2JM6YT3ZXSZLBJVRA32AXYM3GJMO3/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VJZGTWJ5ZXUUT47EHARNOUUNTH6SYDSE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2XL7SMW6ESSP2Y6HHRYWW2MMCZSI4LBZ/ https://lists.debian.org/debian-lts-announce/2023/07/msg00007.html
Copyright	Copyright (C) 2024 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.