UBUNTU-CVE-2022-48110

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/CVE-2022-48110
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-48110.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2022-48110
Withdrawn
2025-06-23T15:55:08Z
Published
2023-02-13T20:15:00Z
Modified
2023-02-13T20:15:00Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

* DISPUTED * CKSource CKEditor 5 35.4.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Full Featured CKEditor5 widget. NOTE: the vendor's position is that this is not a vulnerability. The CKEditor 5 documentation discusses that it is the responsibility of an integrator (who is adding CKEditor 5 functionality to a website) to choose the correct security settings for their use case. Also, safe default values are established (e.g., config.htmlEmbed.showPreviews is false).

References

Affected packages

Ubuntu:Pro:16.04:LTS / ckeditor

Package

Name
ckeditor
Purl
pkg:deb/ubuntu/ckeditor

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.4.4+dfsg1-3
4.5.6+dfsg-1
4.5.7+dfsg-1
4.5.7+dfsg-2
4.5.7+dfsg-2ubuntu0.16.04.1~esm1

Ubuntu:Pro:16.04:LTS / ldap-account-manager

Package

Name
ldap-account-manager
Purl
pkg:deb/ubuntu/ldap-account-manager

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.9-1

5.*

5.1-1
5.2-1
5.2-1ubuntu1

Ubuntu:Pro:16.04:LTS / request-tracker4

Package

Name
request-tracker4
Purl
pkg:deb/ubuntu/request-tracker4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.2.11-2
4.2.12-3
4.2.12-4
4.2.12-5

Ubuntu:Pro:18.04:LTS / ckeditor

Package

Name
ckeditor
Purl
pkg:deb/ubuntu/ckeditor

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.5.7+dfsg-2
4.5.7+dfsg-2ubuntu0.18.04.1

Ubuntu:Pro:18.04:LTS / ckeditor3

Package

Name
ckeditor3
Purl
pkg:deb/ubuntu/ckeditor3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.6.6.1+dfsg-1

Ubuntu:Pro:18.04:LTS / ldap-account-manager

Package

Name
ldap-account-manager
Purl
pkg:deb/ubuntu/ldap-account-manager

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.7-1

6.*

6.1-1
6.2-1

Ubuntu:Pro:18.04:LTS / request-tracker4

Package

Name
request-tracker4
Purl
pkg:deb/ubuntu/request-tracker4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.4.1-5
4.4.2-1
4.4.2-2
4.4.2-2ubuntu0.1~esm1

Ubuntu:20.04:LTS / ckeditor

Package

Name
ckeditor
Purl
pkg:deb/ubuntu/ckeditor

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.11.1+dfsg-1
4.12.1+dfsg-1
4.12.1+dfsg-1ubuntu0.1

Ubuntu:20.04:LTS / ckeditor3

Package

Name
ckeditor3
Purl
pkg:deb/ubuntu/ckeditor3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.6.6.1+dfsg-3
3.6.6.1+dfsg-4

Ubuntu:20.04:LTS / ldap-account-manager

Package

Name
ldap-account-manager
Purl
pkg:deb/ubuntu/ldap-account-manager

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.7-1

Ubuntu:20.04:LTS / request-tracker4

Package

Name
request-tracker4
Purl
pkg:deb/ubuntu/request-tracker4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.4.3-2
4.4.3-2+deb10u3build0.20.04.1

Ubuntu:22.04:LTS / ckeditor

Package

Name
ckeditor
Purl
pkg:deb/ubuntu/ckeditor

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.16.0+dfsg-2
4.16.2+dfsg-1

Ubuntu:22.04:LTS / ckeditor3

Package

Name
ckeditor3
Purl
pkg:deb/ubuntu/ckeditor3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.6.6.1+dfsg-7

Ubuntu:22.04:LTS / ldap-account-manager

Package

Name
ldap-account-manager
Purl
pkg:deb/ubuntu/ldap-account-manager

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

7.*

7.5-1
7.7-1

Ubuntu:22.04:LTS / request-tracker4

Package

Name
request-tracker4
Purl
pkg:deb/ubuntu/request-tracker4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.4.4+dfsg-2ubuntu1
4.4.4+dfsg-2ubuntu1.22.04.1

Ubuntu:24.04:LTS / ckeditor

Package

Name
ckeditor
Purl
pkg:deb/ubuntu/ckeditor

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.22.1+dfsg1-2

Ubuntu:24.04:LTS / ckeditor3

Package

Name
ckeditor3
Purl
pkg:deb/ubuntu/ckeditor3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.6.6.1+dfsg-7

Ubuntu:24.04:LTS / ldap-account-manager

Package

Name
ldap-account-manager
Purl
pkg:deb/ubuntu/ldap-account-manager

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

8.*

8.3-1
8.5-1

Ubuntu:24.04:LTS / request-tracker4

Package

Name
request-tracker4
Purl
pkg:deb/ubuntu/request-tracker4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.4.4+dfsg-2ubuntu1
4.4.4+dfsg-2ubuntu2
4.4.7+dfsg-1