UBUNTU-CVE-2021-42948

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2021-42948

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-42948.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2021-42948

Related

CVE-2021-42948

Published

2022-09-16T16:15:00Z

Modified

2024-10-15T14:08:28Z

Severity

3.7 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

HotelDruid Hotel Management Software v3.0.3 and below was discovered to have exposed session tokens in multiple links via GET parameters, allowing attackers to access user session id's.

References

Affected packages

Ubuntu:Pro:16.04:LTS / hoteldruid

Package

Name: hoteldruid
Purl: pkg:deb/ubuntu/hoteldruid?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.1.0-1

2.1.3-1

2.1.4-1

2.1.4-1ubuntu1

2.1.4-1ubuntu2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / hoteldruid

Package

Name: hoteldruid
Purl: pkg:deb/ubuntu/hoteldruid?arch=src?distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.2.1-1

2.2.2-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / hoteldruid

Package

Name: hoteldruid
Purl: pkg:deb/ubuntu/hoteldruid?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.3.2-1

3.*

3.0.0-1

3.0.1-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / hoteldruid

Package

Name: hoteldruid
Purl: pkg:deb/ubuntu/hoteldruid?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.0.1-1

3.0.3-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}