UBUNTU-CVE-2019-13376

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2019-13376

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-13376.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2019-13376

Related

CVE-2019-13376

Published

2019-09-27T13:15:00Z

Modified

2024-10-15T14:06:53Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote Avatar feature. The CSRF Token Hijacking leads to stored XSS

References

Affected packages

Ubuntu:Pro:14.04:LTS / phpbb3

Package

Name: phpbb3
Purl: pkg:deb/ubuntu/phpbb3?arch=src?distro=trusty/esm

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.0.12-1ubuntu0.1~esm1

Affected versions

3.*

3.0.11-5

3.0.12-1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "3.0.12-1ubuntu0.1~esm1",
            "binary_name": "phpbb3"
        },
        {
            "binary_version": "3.0.12-1ubuntu0.1~esm1",
            "binary_name": "phpbb3-l10n"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / phpbb3

Package

Name: phpbb3
Purl: pkg:deb/ubuntu/phpbb3?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.0.14-1

3.0.14-1ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}