USN-5482-1

See a problem?
Source
https://ubuntu.com/security/notices/USN-5482-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5482-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-5482-1
Related
Published
2022-06-16T16:22:11.726037Z
Modified
2022-06-16T16:22:11.726037Z
Summary
spip vulnerabilities
Details

It was discovered that SPIP incorrectly validated inputs. An authenticated attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2020-28984)

Charles Fol and Théo Gordyjan discovered that SPIP is vulnerable to Cross Site Scripting (XSS). If a user were tricked into browsing a malicious SVG file, an attacker could possibly exploit this issue to execute arbitrary code. This issue was only fixed in Ubuntu 21.10. (CVE-2021-44118, CVE-2021-44120, CVE-2021-44122, CVE-2021-44123)

It was discovered that SPIP incorrectly handled certain forms. A remote authenticated editor could possibly use this issue to execute arbitrary code, and a remote unauthenticated attacker could possibly use this issue to obtain sensitive information. (CVE-2022-26846, CVE-2022-26847)

References

Affected packages

Ubuntu:18.04:LTS / spip

Package

Name
spip
Purl
pkg:deb/ubuntu/spip@3.1.4-4~deb9u5build0.18.04.1?arch=src?distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.1.4-4~deb9u5build0.18.04.1

Affected versions

3.*

3.1.4-3
3.1.4-4~deb9u3build0.18.04.1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "spip": "3.1.4-4~deb9u5build0.18.04.1"
        }
    ]
}