UBUNTU-CVE-2022-24728

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2022-24728

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-24728.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2022-24728

Related

Published

2022-03-16T16:15:00Z

Modified

2025-02-06T04:31:08Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. This problem has been patched in version 4.18.0. There are currently no known workarounds.

References

Affected packages

Ubuntu:Pro:16.04:LTS / ckeditor

Package

Name: ckeditor
Purl: pkg:deb/ubuntu/ckeditor@4.5.7+dfsg-2ubuntu0.16.04.1~esm2?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.5.7+dfsg-2ubuntu0.16.04.1~esm2

Affected versions

4.*

4.4.4+dfsg1-3

4.5.6+dfsg-1

4.5.7+dfsg-1

4.5.7+dfsg-2

4.5.7+dfsg-2ubuntu0.16.04.1~esm1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "4.5.7+dfsg-2ubuntu0.16.04.1~esm2",
            "binary_name": "ckeditor"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / ldap-account-manager

Package

Name: ldap-account-manager
Purl: pkg:deb/ubuntu/ldap-account-manager@5.2-1ubuntu1?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.9-1

5.*

5.1-1

5.2-1

5.2-1ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:16.04:LTS / request-tracker4

Package

Name: request-tracker4
Purl: pkg:deb/ubuntu/request-tracker4@4.2.12-5?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.2.11-2

4.2.12-3

4.2.12-4

4.2.12-5

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / ckeditor

Package

Name: ckeditor
Purl: pkg:deb/ubuntu/ckeditor@4.5.7+dfsg-2ubuntu0.18.04.1+esm1?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.5.7+dfsg-2ubuntu0.18.04.1+esm1

Affected versions

4.*

4.5.7+dfsg-2

4.5.7+dfsg-2ubuntu0.18.04.1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "4.5.7+dfsg-2ubuntu0.18.04.1+esm1",
            "binary_name": "ckeditor"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / ckeditor3

Package

Name: ckeditor3
Purl: pkg:deb/ubuntu/ckeditor3@3.6.6.1+dfsg-1?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.6.6.1+dfsg-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / ldap-account-manager

Package

Name: ldap-account-manager
Purl: pkg:deb/ubuntu/ldap-account-manager@6.2-1?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.7-1

6.*

6.1-1

6.2-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / request-tracker4

Package

Name: request-tracker4
Purl: pkg:deb/ubuntu/request-tracker4@4.4.2-2ubuntu0.1~esm1?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.4.1-5

4.4.2-1

4.4.2-2

4.4.2-2ubuntu0.1~esm1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / ckeditor

Package

Name: ckeditor
Purl: pkg:deb/ubuntu/ckeditor@4.12.1+dfsg-1ubuntu0.1?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.11.1+dfsg-1

4.12.1+dfsg-1

4.12.1+dfsg-1ubuntu0.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / ckeditor3

Package

Name: ckeditor3
Purl: pkg:deb/ubuntu/ckeditor3@3.6.6.1+dfsg-4?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.6.6.1+dfsg-3

3.6.6.1+dfsg-4

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / ldap-account-manager

Package

Name: ldap-account-manager
Purl: pkg:deb/ubuntu/ldap-account-manager@6.7-1?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.7-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / request-tracker4

Package

Name: request-tracker4
Purl: pkg:deb/ubuntu/request-tracker4@4.4.3-2+deb10u3build0.20.04.1?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.4.3-2

4.4.3-2+deb10u3build0.20.04.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:20.04:LTS / ckeditor

Package

Name: ckeditor
Purl: pkg:deb/ubuntu/ckeditor@4.12.1+dfsg-1ubuntu0.1+esm1?arch=source&distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.12.1+dfsg-1ubuntu0.1+esm1

Affected versions

4.*

4.11.1+dfsg-1

4.12.1+dfsg-1

4.12.1+dfsg-1ubuntu0.1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "4.12.1+dfsg-1ubuntu0.1+esm1",
            "binary_name": "ckeditor"
        }
    ]
}

Ubuntu:22.04:LTS / ckeditor

Package

Name: ckeditor
Purl: pkg:deb/ubuntu/ckeditor@4.16.2+dfsg-1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.16.0+dfsg-2

4.16.2+dfsg-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / ckeditor3

Package

Name: ckeditor3
Purl: pkg:deb/ubuntu/ckeditor3@3.6.6.1+dfsg-7?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.6.6.1+dfsg-7

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / ldap-account-manager

Package

Name: ldap-account-manager
Purl: pkg:deb/ubuntu/ldap-account-manager@7.7-1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

7.*

7.5-1

7.7-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / request-tracker4

Package

Name: request-tracker4
Purl: pkg:deb/ubuntu/request-tracker4@4.4.4+dfsg-2ubuntu1.22.04.1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.4.4+dfsg-2ubuntu1

4.4.4+dfsg-2ubuntu1.22.04.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:22.04:LTS / ckeditor

Package

Name: ckeditor
Purl: pkg:deb/ubuntu/ckeditor@4.16.2+dfsg-1ubuntu0.1~esm1?arch=source&distro=esm-apps/jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.16.2+dfsg-1ubuntu0.1~esm1

Affected versions

4.*

4.16.0+dfsg-2

4.16.2+dfsg-1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "4.16.2+dfsg-1ubuntu0.1~esm1",
            "binary_name": "ckeditor"
        }
    ]
}

Ubuntu:24.10 / ckeditor3

Package

Name: ckeditor3
Purl: pkg:deb/ubuntu/ckeditor3@3.6.6.1+dfsg-7?arch=source&distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.6.6.1+dfsg-7

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / ldap-account-manager

Package

Name: ldap-account-manager
Purl: pkg:deb/ubuntu/ldap-account-manager@8.5-1?arch=source&distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

8.*

8.5-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / request-tracker4

Package

Name: request-tracker4
Purl: pkg:deb/ubuntu/request-tracker4@4.4.7+dfsg-1?arch=source&distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.4.7+dfsg-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / ckeditor3

Package

Name: ckeditor3
Purl: pkg:deb/ubuntu/ckeditor3@3.6.6.1+dfsg-7?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.6.6.1+dfsg-7

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / ldap-account-manager

Package

Name: ldap-account-manager
Purl: pkg:deb/ubuntu/ldap-account-manager@8.5-1?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

8.*

8.3-1

8.5-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / request-tracker4

Package

Name: request-tracker4
Purl: pkg:deb/ubuntu/request-tracker4@4.4.7+dfsg-1?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.4.4+dfsg-2ubuntu1

4.4.4+dfsg-2ubuntu2

4.4.7+dfsg-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}