pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
43c7060749
vuln-list-alt/oval/p11/ALT-PU-2022-1767/definitions.json
pepelyaevip 9d72b75f75 ALT Vulnerability
2024-12-12 21:07:30 +00:00

135 lines
5.1 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20221767",
"Version": "oval:org.altlinux.errata:def:20221767",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2022-1767: package `phpMyAdmin` update to version 5.1.3-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2022-1767",
"RefURL": "https://errata.altlinux.org/ALT-PU-2022-1767",
"Source": "ALTPU"
},
{
"RefID": "BDU:2022-01640",
"RefURL": "https://bdu.fstec.ru/vul/2022-01640",
"Source": "BDU"
},
{
"RefID": "CVE-2022-0813",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-0813",
"Source": "CVE"
},
{
"RefID": "CVE-2022-23807",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-23807",
"Source": "CVE"
},
{
"RefID": "CVE-2022-23808",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-23808",
"Source": "CVE"
}
],
"Description": "This update upgrades phpMyAdmin to version 5.1.3-alt1. \nSecurity Fix(es):\n\n * BDU:2022-01640: Уязвимость веб-интерфейса веб-приложения для администрирования cистем управления базами данных phpMyAdmin, позволяющая нарушителю получить доступ к конфиденциальной информации\n\n * CVE-2022-0813: PhpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially sensitive information by creating invalid requests. This affects the lang parameter, the pma_parameter, and the cookie section.\n\n * CVE-2022-23807: An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before 5.1.2. A valid user who is already authenticated to phpMyAdmin can manipulate their account to bypass two-factor authentication for future login instances.\n\n * CVE-2022-23808: An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2022-04-26"
},
"Updated": {
"Date": "2022-04-26"
},
"BDUs": [
{
"ID": "BDU:2022-01640",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"CWE": "CWE-200",
"Href": "https://bdu.fstec.ru/vul/2022-01640",
"Impact": "Low",
"Public": "20220314"
}
],
"CVEs": [
{
"ID": "CVE-2022-0813",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-200",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-0813",
"Impact": "High",
"Public": "20220310"
},
{
"ID": "CVE-2022-23807",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-287",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-23807",
"Impact": "Low",
"Public": "20220122"
},
{
"ID": "CVE-2022-23808",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"CWE": "CWE-79",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-23808",
"Impact": "Low",
"Public": "20220122"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20221767001",
"Comment": "phpMyAdmin is earlier than 0:5.1.3-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20221767002",
"Comment": "phpMyAdmin-apache2-php7 is earlier than 0:5.1.3-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20221767003",
"Comment": "phpMyAdmin-apache2-php8.1 is earlier than 0:5.1.3-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink