UBUNTU-CVE-2020-25715

See a problem?

Source

https://ubuntu.com/security/notices/UBUNTU-CVE-2020-25715

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-25715.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2020-25715

Related

CVE-2020-25715

Published

2021-05-28T11:15:00Z

Modified

2021-05-28T11:15:00Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A flaw was found in pki-core 10.9.0. A specially crafted POST request can be used to reflect a DOM-based cross-site scripting (XSS) attack to inject code into the search query form which can get automatically executed. The highest threat from this vulnerability is to data integrity.

References

Affected packages

Ubuntu:Pro:16.04:LTS / dogtag-pki

Package

Name: dogtag-pki

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

10.*

10.2.6-1

10.2.6-2

10.2.6-3

10.2.6+git20160317-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / dogtag-pki

Package

Name: dogtag-pki

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

10.*

10.3.5+12-4ubuntu1

10.3.5+12-5

10.5.3-3

10.5.3-4

10.5.5-1

10.6.0~beta2-3

10.6.0-1ubuntu1

10.6.0-1ubuntu2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / dogtag-pki

Package

Name: dogtag-pki

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

10.*

10.7.3-4

10.8.3-1ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}