vuln-list-alt/oval/p11/ALT-PU-2014-1960/definitions.json

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20141960",
"Version": "oval:org.altlinux.errata:def:20141960",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2014-1960: package `mediawiki` update to version 1.23.1-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2014-1960",
"RefURL": "https://errata.altlinux.org/ALT-PU-2014-1960",
"Source": "ALTPU"
},
{
"RefID": "CVE-2014-2665",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-2665",
"Source": "CVE"
},
{
"RefID": "CVE-2014-2853",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-2853",
"Source": "CVE"
},
{
"RefID": "CVE-2014-3966",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-3966",
"Source": "CVE"
}
],
"Description": "This update upgrades mediawiki to version 1.23.1-alt1. \nSecurity Fix(es):\n\n * CVE-2014-2665: includes/specials/SpecialChangePassword.php in MediaWiki before 1.19.14, 1.20.x and 1.21.x before 1.21.8, and 1.22.x before 1.22.5 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account, as demonstrated by tracking the victim's activity, related to a \"login CSRF\" issue.\n\n * CVE-2014-2853: Cross-site scripting (XSS) vulnerability in includes/actions/InfoAction.php in MediaWiki before 1.21.9 and 1.22.x before 1.22.6 allows remote attackers to inject arbitrary web script or HTML via the sort key in an info action.\n\n * CVE-2014-3966: Cross-site scripting (XSS) vulnerability in Special:PasswordReset in MediaWiki before 1.19.16, 1.21.x before 1.21.10, and 1.22.x before 1.22.7, when wgRawHtml is enabled, allows remote attackers to inject arbitrary web script or HTML via an invalid username.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2014-07-29"
},
"Updated": {
"Date": "2014-07-29"
},
"BDUs": null,
"CVEs": [
{
"ID": "CVE-2014-2665",
"CVSS": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"CWE": "CWE-287",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-2665",
"Impact": "Low",
"Public": "20140420"
},
{
"ID": "CVE-2014-2853",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"CWE": "CWE-79",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-2853",
"Impact": "Low",
"Public": "20140429"
},
{
"ID": "CVE-2014-3966",
"CVSS": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"CWE": "CWE-79",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-3966",
"Impact": "Low",
"Public": "20140606"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20141960001",
"Comment": "mediawiki is earlier than 0:1.23.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141960002",
"Comment": "mediawiki-apache2 is earlier than 0:1.23.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141960003",
"Comment": "mediawiki-common is earlier than 0:1.23.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141960004",
"Comment": "mediawiki-mysql is earlier than 0:1.23.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141960005",
"Comment": "mediawiki-postgresql is earlier than 0:1.23.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141960006",
"Comment": "mediawiki-tex is earlier than 0:1.23.1-alt1"
}
]
}
]
}
}
]
}