USN-4693-1

See a problem?
Source
https://ubuntu.com/security/notices/USN-4693-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-4693-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-4693-1
Related
  • CVE-2019-12385
  • CVE-2019-12386
Published
2021-01-14T21:13:09.405761Z
Modified
2021-01-14T21:13:09.405761Z
Summary
ampache vulnerabilities
Details

It was discovered that an SQL injection vulnerability exists in the Ampache search engine. Any user able to perform searches could dump any data contained in the database. An attacker could use this to disclose sensitive information. (CVE-2019-12385)

It was discovered that an XSS vulnerability in Ampache. An attacker could use this vulnerability to force an admin to create a new privileged user. (CVE-2019-12386)

References

Affected packages

Ubuntu:16.04:LTS / ampache

Package

Name
ampache

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.6-rzb2779+dfsg-0ubuntu9.2

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "ampache-common": "3.6-rzb2779+dfsg-0ubuntu9.2",
            "ampache": "3.6-rzb2779+dfsg-0ubuntu9.2"
        }
    ]
}