USN-7258-1

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/notices/USN-7258-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7258-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/USN-7258-1
Related
Published
2025-02-06T01:26:17.397178Z
Modified
2025-02-06T01:26:17.397178Z
Summary
ckeditor vulnerabilities
Details

Kevin Backhouse discovered that CKEditor did not properly sanitize HTML content. An attacker could possibly use this issue to perform cross site scripting and obtain sensitive information. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-24728)

It was discovered that CKEditor did not properly handle the creation of editor instances in the Iframe Dialog and Media Embed packages. An attacker could possibly use this issue to perform cross site scripting and obtain sensitive information. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-28439)

It was discovered that CKEditor did not properly handle parsing HTML content. An attacker could possibly use this issue to perform cross site scripting and obtain sensitive information. (CVE-2024-24815, CVE-2024-24816)

It was discovered that CKEditor did not properly sanitize version notifications. An attacker could possibly use this issue to perform cross site scripting and obtain sensitive information. This issue only affected Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2024-43411)

References

Affected packages

Ubuntu:Pro:16.04:LTS / ckeditor

Package

Name
ckeditor
Purl
pkg:deb/ubuntu/ckeditor@4.5.7+dfsg-2ubuntu0.16.04.1~esm2?arch=source&distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.5.7+dfsg-2ubuntu0.16.04.1~esm2

Affected versions

4.*

4.4.4+dfsg1-3
4.5.6+dfsg-1
4.5.7+dfsg-1
4.5.7+dfsg-2
4.5.7+dfsg-2ubuntu0.16.04.1~esm1

Ecosystem specific 

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "4.5.7+dfsg-2ubuntu0.16.04.1~esm2",
            "binary_name": "ckeditor"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / ckeditor

Package

Name
ckeditor
Purl
pkg:deb/ubuntu/ckeditor@4.5.7+dfsg-2ubuntu0.18.04.1+esm1?arch=source&distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.5.7+dfsg-2ubuntu0.18.04.1+esm1

Affected versions

4.*

4.5.7+dfsg-2
4.5.7+dfsg-2ubuntu0.18.04.1

Ecosystem specific 

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "4.5.7+dfsg-2ubuntu0.18.04.1+esm1",
            "binary_name": "ckeditor"
        }
    ]
}

Ubuntu:Pro:20.04:LTS / ckeditor

Package

Name
ckeditor
Purl
pkg:deb/ubuntu/ckeditor@4.12.1+dfsg-1ubuntu0.1+esm1?arch=source&distro=esm-apps/focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.1+dfsg-1ubuntu0.1+esm1

Affected versions

4.*

4.11.1+dfsg-1
4.12.1+dfsg-1
4.12.1+dfsg-1ubuntu0.1

Ecosystem specific 

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "4.12.1+dfsg-1ubuntu0.1+esm1",
            "binary_name": "ckeditor"
        }
    ]
}

Ubuntu:Pro:22.04:LTS / ckeditor

Package

Name
ckeditor
Purl
pkg:deb/ubuntu/ckeditor@4.16.2+dfsg-1ubuntu0.1~esm1?arch=source&distro=esm-apps/jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.16.2+dfsg-1ubuntu0.1~esm1

Affected versions

4.*

4.16.0+dfsg-2
4.16.2+dfsg-1

Ecosystem specific 

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "4.16.2+dfsg-1ubuntu0.1~esm1",
            "binary_name": "ckeditor"
        }
    ]
}

Ubuntu:24.10 / ckeditor

Package

Name
ckeditor
Purl
pkg:deb/ubuntu/ckeditor@4.22.1+dfsg1-2ubuntu0.24.10.1?arch=source&distro=oracular

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.22.1+dfsg1-2ubuntu0.24.10.1

Affected versions

4.*

4.22.1+dfsg1-2

Ecosystem specific 

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "4.22.1+dfsg1-2ubuntu0.24.10.1",
            "binary_name": "ckeditor"
        }
    ]
}

Ubuntu:Pro:24.04:LTS / ckeditor

Package

Name
ckeditor
Purl
pkg:deb/ubuntu/ckeditor@4.22.1+dfsg1-2ubuntu0.24.04.1~esm1?arch=source&distro=esm-apps/noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.22.1+dfsg1-2ubuntu0.24.04.1~esm1

Affected versions

4.*

4.22.1+dfsg1-2

Ecosystem specific 

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "4.22.1+dfsg1-2ubuntu0.24.04.1~esm1",
            "binary_name": "ckeditor"
        }
    ]
}