Fabian Henneke discovered that GOsa incorrectly handled client cookies. An authenticated user could exploit this with a crafted cookie to perform file deletions in the context of the user account that runs the web server. (CVE-2019-14466)
It was discovered that GOsa incorrectly handled user access control. A remote attacker could use this issue to log into any account with a username containing the word "success". (CVE-2019-11187)
Fabian Henneke discovered that GOsa was vulnerable to cross-site scripting attacks via the change password form. A remote attacker could use this flaw to run arbitrary web scripts. (CVE-2018-1000528)
{ "availability": "No subscription required", "binaries": [ { "binary_name": "gosa", "binary_version": "2.7.4+reloaded2-9ubuntu1.1" }, { "binary_name": "gosa-desktop", "binary_version": "2.7.4+reloaded2-9ubuntu1.1" }, { "binary_name": "gosa-dev", "binary_version": "2.7.4+reloaded2-9ubuntu1.1" }, { "binary_name": "gosa-help-de", "binary_version": "2.7.4+reloaded2-9ubuntu1.1" }, { "binary_name": "gosa-help-en", "binary_version": "2.7.4+reloaded2-9ubuntu1.1" }, { "binary_name": "gosa-help-fr", "binary_version": "2.7.4+reloaded2-9ubuntu1.1" }, { "binary_name": "gosa-help-nl", "binary_version": "2.7.4+reloaded2-9ubuntu1.1" }, { "binary_name": "gosa-plugin-connectivity", "binary_version": "2.7.4+reloaded2-9ubuntu1.1" }, { "binary_name": "gosa-plugin-dhcp", "binary_version": "2.7.4+reloaded2-9ubuntu1.1" }, { "binary_name": "gosa-plugin-dhcp-schema", "binary_version": "2.7.4+reloaded2-9ubuntu1.1" }, { "binary_name": "gosa-plugin-dns", "binary_version": "2.7.4+reloaded2-9ubuntu1.1" }, { "binary_name": "gosa-plugin-dns-schema", "binary_version": "2.7.4+reloaded2-9ubuntu1.1" }, { "binary_name": "gosa-plugin-fai", "binary_version": "2.7.4+reloaded2-9ubuntu1.1" }, { "binary_name": "gosa-plugin-fai-schema", "binary_version": "2.7.4+reloaded2-9ubuntu1.1" }, { "binary_name": "gosa-plugin-gofax", "binary_version": "2.7.4+reloaded2-9ubuntu1.1" }, { "binary_name": "gosa-plugin-gofon", "binary_version": "2.7.4+reloaded2-9ubuntu1.1" }, { "binary_name": "gosa-plugin-goto", "binary_version": "2.7.4+reloaded2-9ubuntu1.1" }, { "binary_name": "gosa-plugin-kolab", "binary_version": "2.7.4+reloaded2-9ubuntu1.1" }, { "binary_name": "gosa-plugin-kolab-schema", "binary_version": "2.7.4+reloaded2-9ubuntu1.1" }, { "binary_name": "gosa-plugin-ldapmanager", "binary_version": "2.7.4+reloaded2-9ubuntu1.1" }, { "binary_name": "gosa-plugin-mail", "binary_version": "2.7.4+reloaded2-9ubuntu1.1" }, { "binary_name": "gosa-plugin-mit-krb5", "binary_version": "2.7.4+reloaded2-9ubuntu1.1" }, { "binary_name": "gosa-plugin-mit-krb5-schema", "binary_version": "2.7.4+reloaded2-9ubuntu1.1" }, { "binary_name": "gosa-plugin-nagios", "binary_version": "2.7.4+reloaded2-9ubuntu1.1" }, { "binary_name": "gosa-plugin-nagios-schema", "binary_version": "2.7.4+reloaded2-9ubuntu1.1" }, { "binary_name": "gosa-plugin-netatalk", "binary_version": "2.7.4+reloaded2-9ubuntu1.1" }, { "binary_name": "gosa-plugin-opengroupware", "binary_version": "2.7.4+reloaded2-9ubuntu1.1" }, { "binary_name": "gosa-plugin-openxchange", "binary_version": "2.7.4+reloaded2-9ubuntu1.1" }, { "binary_name": "gosa-plugin-openxchange-schema", "binary_version": "2.7.4+reloaded2-9ubuntu1.1" }, { "binary_name": "gosa-plugin-opsi", "binary_version": "2.7.4+reloaded2-9ubuntu1.1" }, { "binary_name": "gosa-plugin-phpgw", "binary_version": "2.7.4+reloaded2-9ubuntu1.1" }, { "binary_name": "gosa-plugin-phpgw-schema", "binary_version": "2.7.4+reloaded2-9ubuntu1.1" }, { "binary_name": "gosa-plugin-phpscheduleit", "binary_version": "2.7.4+reloaded2-9ubuntu1.1" }, { "binary_name": "gosa-plugin-phpscheduleit-schema", "binary_version": "2.7.4+reloaded2-9ubuntu1.1" }, { "binary_name": "gosa-plugin-pptp", "binary_version": "2.7.4+reloaded2-9ubuntu1.1" }, { "binary_name": "gosa-plugin-pptp-schema", "binary_version": "2.7.4+reloaded2-9ubuntu1.1" }, { "binary_name": "gosa-plugin-pureftpd", "binary_version": "2.7.4+reloaded2-9ubuntu1.1" }, { "binary_name": "gosa-plugin-pureftpd-schema", "binary_version": "2.7.4+reloaded2-9ubuntu1.1" }, { "binary_name": "gosa-plugin-rolemanagement", "binary_version": "2.7.4+reloaded2-9ubuntu1.1" }, { "binary_name": "gosa-plugin-rsyslog", "binary_version": "2.7.4+reloaded2-9ubuntu1.1" }, { "binary_name": "gosa-plugin-samba", "binary_version": "2.7.4+reloaded2-9ubuntu1.1" }, { "binary_name": "gosa-plugin-scalix", "binary_version": "2.7.4+reloaded2-9ubuntu1.1" }, { "binary_name": "gosa-plugin-squid", "binary_version": "2.7.4+reloaded2-9ubuntu1.1" }, { "binary_name": "gosa-plugin-ssh", "binary_version": "2.7.4+reloaded2-9ubuntu1.1" }, { "binary_name": "gosa-plugin-ssh-schema", "binary_version": "2.7.4+reloaded2-9ubuntu1.1" }, { "binary_name": "gosa-plugin-sudo", "binary_version": "2.7.4+reloaded2-9ubuntu1.1" }, { "binary_name": "gosa-plugin-sudo-schema", "binary_version": "2.7.4+reloaded2-9ubuntu1.1" }, { "binary_name": "gosa-plugin-systems", "binary_version": "2.7.4+reloaded2-9ubuntu1.1" }, { "binary_name": "gosa-plugin-uw-imap", "binary_version": "2.7.4+reloaded2-9ubuntu1.1" }, { "binary_name": "gosa-plugin-webdav", "binary_version": "2.7.4+reloaded2-9ubuntu1.1" }, { "binary_name": "gosa-schema", "binary_version": "2.7.4+reloaded2-9ubuntu1.1" } ] }