UBUNTU-CVE-2022-4556

Source
https://ubuntu.com/security/CVE-2022-4556
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-4556.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2022-4556
Upstream
Published
2022-12-16T17:15:00Z
Modified
2025-07-16T07:45:05.117579Z
Severity
  • 3.5 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N CVSS Calculator
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
  • Ubuntu - medium
Summary
[none]
Details

A vulnerability was found in Alinto SOGo up to 5.7.1 and classified as problematic. Affected by this issue is the function _migrateMailIdentities of the file SoObjects/SOGo/SOGoUserDefaults.m of the component Identity Handler. The manipulation of the argument fullName leads to cross site scripting. The attack may be launched remotely. Upgrading to version 5.8.0 is able to address this issue. The name of the patch is efac49ae91a4a325df9931e78e543f707a0f8e5e. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-215960.

References

Affected packages

Ubuntu:Pro:16.04:LTS / sogo

Package

Name
sogo
Purl
pkg:deb/ubuntu/sogo@2.2.17a-1.1build1?arch=source&distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.2.17a-1
2.2.17a-1.1
2.2.17a-1.1build1

Ubuntu:Pro:18.04:LTS / sogo

Package

Name
sogo
Purl
pkg:deb/ubuntu/sogo@3.2.10-1build1?arch=source&distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.2.10-1
3.2.10-1build1

Ubuntu:Pro:20.04:LTS / sogo

Package

Name
sogo
Purl
pkg:deb/ubuntu/sogo@4.3.0-1?arch=source&distro=esm-apps/focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.0.8-1
4.1.0-1
4.1.1-1
4.3.0-1

Ubuntu:22.04:LTS / sogo

Package

Name
sogo
Purl
pkg:deb/ubuntu/sogo@5.5.1-1?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.1.0-1
5.2.0-1
5.2.0-3
5.3.0-1
5.3.0-1build2
5.4.0-1
5.5.0-1
5.5.1-1