pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vuln-list-alt/oval/p10/ALT-PU-2019-2016/definitions.json
pepelyaevip 56bb29c44b ALT Vulnerability
2024-06-28 13:17:52 +00:00

407 lines
20 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20192016",
"Version": "oval:org.altlinux.errata:def:20192016",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2019-2016: package `mediawiki` update to version 1.32.2-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2019-2016",
"RefURL": "https://errata.altlinux.org/ALT-PU-2019-2016",
"Source": "ALTPU"
},
{
"RefID": "BDU:2019-01542",
"RefURL": "https://bdu.fstec.ru/vul/2019-01542",
"Source": "BDU"
},
{
"RefID": "BDU:2019-03562",
"RefURL": "https://bdu.fstec.ru/vul/2019-03562",
"Source": "BDU"
},
{
"RefID": "BDU:2019-03563",
"RefURL": "https://bdu.fstec.ru/vul/2019-03563",
"Source": "BDU"
},
{
"RefID": "BDU:2019-03617",
"RefURL": "https://bdu.fstec.ru/vul/2019-03617",
"Source": "BDU"
},
{
"RefID": "BDU:2019-03618",
"RefURL": "https://bdu.fstec.ru/vul/2019-03618",
"Source": "BDU"
},
{
"RefID": "BDU:2019-03619",
"RefURL": "https://bdu.fstec.ru/vul/2019-03619",
"Source": "BDU"
},
{
"RefID": "BDU:2019-03620",
"RefURL": "https://bdu.fstec.ru/vul/2019-03620",
"Source": "BDU"
},
{
"RefID": "BDU:2019-03621",
"RefURL": "https://bdu.fstec.ru/vul/2019-03621",
"Source": "BDU"
},
{
"RefID": "BDU:2019-03622",
"RefURL": "https://bdu.fstec.ru/vul/2019-03622",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04254",
"RefURL": "https://bdu.fstec.ru/vul/2019-04254",
"Source": "BDU"
},
{
"RefID": "BDU:2020-02564",
"RefURL": "https://bdu.fstec.ru/vul/2020-02564",
"Source": "BDU"
},
{
"RefID": "CVE-2019-11358",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358",
"Source": "CVE"
},
{
"RefID": "CVE-2019-12466",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-12466",
"Source": "CVE"
},
{
"RefID": "CVE-2019-12467",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-12467",
"Source": "CVE"
},
{
"RefID": "CVE-2019-12468",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-12468",
"Source": "CVE"
},
{
"RefID": "CVE-2019-12469",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-12469",
"Source": "CVE"
},
{
"RefID": "CVE-2019-12470",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-12470",
"Source": "CVE"
},
{
"RefID": "CVE-2019-12471",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-12471",
"Source": "CVE"
},
{
"RefID": "CVE-2019-12472",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-12472",
"Source": "CVE"
},
{
"RefID": "CVE-2019-12473",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-12473",
"Source": "CVE"
},
{
"RefID": "CVE-2019-12474",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-12474",
"Source": "CVE"
}
],
"Description": "This update upgrades mediawiki to version 1.32.2-alt1. \nSecurity Fix(es):\n\n * BDU:2019-01542: Уязвимость функции jQuery.extend() библиотеки jQuery, позволяющая нарушителю вызвать отказ в обслуживании, выполнить произвольный JavaScript-код или повысить свои привилегии\n\n * BDU:2019-03562: Уязвимость компонента CMS веб-сайтов для совместной работы MediaWiki, связанная с межсайтовой фальсификацией запросов, позволяющая нарушителю оказать воздействие на целостность данных, получить несанкционированный доступ к защищаемой информации, а также вызвать отказ в обслуживании\n\n * BDU:2019-03563: Уязвимость функции Special:ChangeEmail программного средства для реализации гипертекстовой среды MediaWiki, позволяющая нарушителю оказать воздействие на целостность данных\n\n * BDU:2019-03617: Уязвимость программного средства для реализации гипертекстовой среды MediaWiki, связанная с возможностью обхода повторной аутентификации, позволяющая нарушителю оказать воздействие на целостность данных, получить несанкционированный доступ к защищаемой информации, а также вызвать отказ в обслуживании\n\n * BDU:2019-03618: Уязвимость программного средства для реализации гипертекстовой среды MediaWiki, связанная с недостатками контроля доступа, позволяющая нарушителю получить несанкционированный доступ к информации\n\n * BDU:2019-03619: Уязвимость программного средства для реализации гипертекстовой среды MediaWiki, связанная с недостатками контроля доступа, позволяющая нарушителю получить несанкционированный доступ к информации\n\n * BDU:2019-03620: Уязвимость программного средства для реализации гипертекстовой среды MediaWiki, связанная с возможностью загрузки пользовательского JavaScript кода из несуществующей учетной записи, позволяющая нарушителю нарушить целостность данных\n\n * BDU:2019-03621: Уязвимость программного средства для реализации гипертекстовой среды MediaWiki, связанная с недостатками контроля доступа, позволяющая нарушителю нарушить целостность данных\n\n * BDU:2019-03622: Уязвимость программного средства для реализации гипертекстовой среды MediaWiki, связанная с передачей недопустимых заголовков в API, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-04254: Уязвимость функции jQuery.extend (true, {}, ...) библиотеки jQuery, позволяющая нарушителю оказать воздействие на конфиденциальность и целостность защищаемой информации\n\n * BDU:2020-02564: Уязвимость программного средства для реализации гипертекстовой среды MediaWiki, связанная с передачей недопустимых заголовков в API, позволяющая нарушителю несанкционированный доступ к защищаемой информации\n\n * CVE-2019-11358: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.\n\n * CVE-2019-12466: Wikimedia MediaWiki through 1.32.1 allows CSRF.\n\n * CVE-2019-12467: MediaWiki through 1.32.1 has Incorrect Access Control (issue 1 of 3). A spammer can use Special:ChangeEmail to send out spam with no rate limiting or ability to block them. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.\n\n * CVE-2019-12468: An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover.\n\n * CVE-2019-12469: MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed username or log in Special:EditTags are exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.\n\n * CVE-2019-12470: Wikimedia MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed log in RevisionDelete page is exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.\n\n * CVE-2019-12471: Wikimedia MediaWiki 1.30.0 through 1.32.1 has XSS. Loading user JavaScript from a non-existent account allows anyone to create the account, and perform XSS on users loading that script. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.\n\n * CVE-2019-12472: An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.18.0 through 1.32.1. It is possible to bypass the limits on IP range blocks ($wgBlockCIDRLimit) by using the API. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.\n\n * CVE-2019-12473: Wikimedia MediaWiki 1.27.0 through 1.32.1 might allow DoS. Passing invalid titles to the API could cause a DoS by querying the entire watchlist table. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.\n\n * CVE-2019-12474: Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Privileged API responses that include whether a recent change has been patrolled may be cached publicly. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2019-06-07"
},
"Updated": {
"Date": "2019-06-07"
},
"BDUs": [
{
"ID": "BDU:2019-01542",
"CVSS": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-79, CWE-915",
"Href": "https://bdu.fstec.ru/vul/2019-01542",
"Impact": "High",
"Public": "20190325"
},
{
"ID": "BDU:2019-03562",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-352",
"Href": "https://bdu.fstec.ru/vul/2019-03562",
"Impact": "High",
"Public": "20190606"
},
{
"ID": "BDU:2019-03563",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-284",
"Href": "https://bdu.fstec.ru/vul/2019-03563",
"Impact": "Low",
"Public": "20181118"
},
{
"ID": "BDU:2019-03617",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-284",
"Href": "https://bdu.fstec.ru/vul/2019-03617",
"Impact": "Critical",
"Public": "20190710"
},
{
"ID": "BDU:2019-03618",
"CVSS": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"CVSS3": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-200, CWE-284",
"Href": "https://bdu.fstec.ru/vul/2019-03618",
"Impact": "Low",
"Public": "20190710"
},
{
"ID": "BDU:2019-03619",
"CVSS": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"CVSS3": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-200, CWE-284",
"Href": "https://bdu.fstec.ru/vul/2019-03619",
"Impact": "Low",
"Public": "20190710"
},
{
"ID": "BDU:2019-03620",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"CWE": "CWE-79",
"Href": "https://bdu.fstec.ru/vul/2019-03620",
"Impact": "Low",
"Public": "20190710"
},
{
"ID": "BDU:2019-03621",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"CWE": "CWE-284",
"Href": "https://bdu.fstec.ru/vul/2019-03621",
"Impact": "High",
"Public": "20190710"
},
{
"ID": "BDU:2019-03622",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2019-03622",
"Impact": "High",
"Public": "20190710"
},
{
"ID": "BDU:2019-04254",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"CWE": "CWE-79",
"Href": "https://bdu.fstec.ru/vul/2019-04254",
"Impact": "Low",
"Public": "20190419"
},
{
"ID": "BDU:2020-02564",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-200",
"Href": "https://bdu.fstec.ru/vul/2020-02564",
"Impact": "High",
"Public": "20190710"
}
],
"CVEs": [
{
"ID": "CVE-2019-11358",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"CWE": "CWE-1321",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358",
"Impact": "Low",
"Public": "20190420"
},
{
"ID": "CVE-2019-12466",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-352",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-12466",
"Impact": "High",
"Public": "20190710"
},
{
"ID": "CVE-2019-12467",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-12467",
"Impact": "Low",
"Public": "20190710"
},
{
"ID": "CVE-2019-12468",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-306",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-12468",
"Impact": "Critical",
"Public": "20190710"
},
{
"ID": "CVE-2019-12469",
"CVSS": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-862",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-12469",
"Impact": "Low",
"Public": "20190710"
},
{
"ID": "CVE-2019-12470",
"CVSS": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-862",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-12470",
"Impact": "Low",
"Public": "20190710"
},
{
"ID": "CVE-2019-12471",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"CWE": "CWE-79",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-12471",
"Impact": "Low",
"Public": "20190710"
},
{
"ID": "CVE-2019-12472",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-12472",
"Impact": "High",
"Public": "20190710"
},
{
"ID": "CVE-2019-12473",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-12473",
"Impact": "High",
"Public": "20190710"
},
{
"ID": "CVE-2019-12474",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-12474",
"Impact": "High",
"Public": "20190710"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20192016001",
"Comment": "mediawiki is earlier than 0:1.32.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192016002",
"Comment": "mediawiki-apache2 is earlier than 0:1.32.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192016003",
"Comment": "mediawiki-common is earlier than 0:1.32.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192016004",
"Comment": "mediawiki-mysql is earlier than 0:1.32.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192016005",
"Comment": "mediawiki-postgresql is earlier than 0:1.32.2-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink