UBUNTU-CVE-2023-39017

Source
https://ubuntu.com/security/CVE-2023-39017
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-39017.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2023-39017
Withdrawn
2025-06-23T15:56:54Z
Published
2023-07-28T15:15:00Z
Modified
2023-07-28T15:15:00Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

** DISPUTED ** quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple parties because it is not plausible that untrusted user input would reach the code location where injection must occur.

References

Affected packages

Ubuntu:20.04:LTS
libquartz-java

Package

Name
libquartz-java
Purl
pkg:deb/ubuntu/libquartz-java

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1:1.*
1:1.8.6-6

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-39017.json"
libquartz2-java

Package

Name
libquartz2-java
Purl
pkg:deb/ubuntu/libquartz2-java

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2.*
2.3.0-2

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-39017.json"
Ubuntu:22.04:LTS
libquartz-java

Package

Name
libquartz-java
Purl
pkg:deb/ubuntu/libquartz-java

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1:1.*
1:1.8.6-6

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-39017.json"
libquartz2-java

Package

Name
libquartz2-java
Purl
pkg:deb/ubuntu/libquartz2-java

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2.*
2.3.0-3
2.3.2-2
2.3.2-3

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-39017.json"
Ubuntu:24.04:LTS
libquartz-java

Package

Name
libquartz-java
Purl
pkg:deb/ubuntu/libquartz-java

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1:1.*
1:1.8.6-8

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-39017.json"
libquartz2-java

Package

Name
libquartz2-java
Purl
pkg:deb/ubuntu/libquartz2-java

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2.*
2.3.2-4

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-39017.json"
Ubuntu:Pro:16.04:LTS
libquartz-java

Package

Name
libquartz-java
Purl
pkg:deb/ubuntu/libquartz-java

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1:1.*
1:1.7.3-5
1:1.8.6-1

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-39017.json"
Ubuntu:Pro:18.04:LTS
libquartz-java

Package

Name
libquartz-java
Purl
pkg:deb/ubuntu/libquartz-java

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1:1.*
1:1.8.6-4
1:1.8.6-5
1:1.8.6-6~18.04

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-39017.json"
libquartz2-java

Package

Name
libquartz2-java
Purl
pkg:deb/ubuntu/libquartz2-java

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2.*
2.2.3-2
2.2.3-3

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-39017.json"