Lucene search
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.AL2023_ALAS2023-2023-007.NASLHistoryMar 21, 2023 - 12:00 a.m.
Amazon Linux 2023 : xdg-utils (ALAS2023-2023-007)
2023-03-2100:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
7
amazon linux 2023
xdg-utils
vulnerabilities
thunderbird
mailto urls
cve-2020-27748
cve-2022-4055
nessus
0.002 Low
EPSS
Percentile
61.2%
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-007 advisory.
-
A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling mailto: URIs, xdg-email allows attachments to be discreetly added via the URI when being passed to Thunderbird. An attacker could potentially send a victim a URI that automatically attaches a sensitive file to a new email. If a victim user does not notice that an attachment was added and sends the email, this could result in sensitive information disclosure. It has been confirmed that the code behind this issue is in xdg-email and not in Thunderbird. (CVE-2020-27748)
-
When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. An attacker can use this method to create a mailto URL that looks safe to users, but will actually attach files when clicked. (CVE-2022-4055)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2023 Security Advisory ALAS2023-2023-007.
##
include('compat.inc');
if (description)
{
script_id(173127);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/04/21");
script_cve_id("CVE-2020-27748", "CVE-2022-4055");
script_name(english:"Amazon Linux 2023 : xdg-utils (ALAS2023-2023-007)");
script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux 2023 host is missing a security update.");
script_set_attribute(attribute:"description", value:
"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-007 advisory.
- A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling mailto: URIs,
xdg-email allows attachments to be discreetly added via the URI when being passed to Thunderbird. An
attacker could potentially send a victim a URI that automatically attaches a sensitive file to a new
email. If a victim user does not notice that an attachment was added and sends the email, this could
result in sensitive information disclosure. It has been confirmed that the code behind this issue is in
xdg-email and not in Thunderbird. (CVE-2020-27748)
- When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to
additional headers being passed to thunderbird that should not be included per RFC 2368. An attacker can
use this method to create a mailto URL that looks safe to users, but will actually attach files when
clicked. (CVE-2022-4055)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/AL2023/ALAS-2023-007.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2020-27748.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2022-4055.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/faqs.html");
script_set_attribute(attribute:"solution", value:
"Run 'dnf update xdg-utils --releasever=2023.0.20230222 ' to update your system.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-27748");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2022-4055");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/06/01");
script_set_attribute(attribute:"patch_publication_date", value:"2023/02/17");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/03/21");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:xdg-utils");
script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2023");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Amazon Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
exit(0);
}
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var alas_release = get_kb_item("Host/AmazonLinux/release");
if (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, "Amazon Linux");
var os_ver = pregmatch(pattern: "^AL(A|\d+|-\d+)", string:alas_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "-2023")
{
if (os_ver == 'A') os_ver = 'AMI';
audit(AUDIT_OS_NOT, "Amazon Linux 2023", "Amazon Linux " + os_ver);
}
if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var pkgs = [
{'reference':'xdg-utils-1.1.3-12.amzn2023.0.1', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xdg-utils");
}Related
amazon
amazon
Medium: xdg-utils
2023-03-17 16:35:00
nessus
nessus
RHEL 6 : xdg-utils (Unpatched Vulnerability)
2024-05-11 00:00:00
RHEL 8 : xdg-utils (Unpatched Vulnerability)
2024-06-03 00:00:00
RHEL 7 : xdg-utils (Unpatched Vulnerability)
2024-05-11 00:00:00
debiancve
debiancve
CVE-2020-27748
2021-06-01 14:15:08
CVE-2022-4055
2022-11-19 00:15:31
mageia
mageia
Updated xdg-utils package fixes a security vulnerability
2020-12-03 12:54:38
osv
osv
xdg-utils vulnerability
2020-11-26 13:57:13
CVE-2020-27748
2021-06-01 14:15:08
CVE-2022-4055
2022-11-19 00:15:31
ubuntu
ubuntu
xdg-utils vulnerability
2020-11-26 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-4649-1)
2020-11-27 00:00:00
Mageia: Security Advisory (MGASA-2020-0446)
2022-01-28 00:00:00
ubuntucve
ubuntucve
CVE-2020-27748
2020-11-24 00:00:00
CVE-2022-4055
2022-11-19 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2024-2444
2024-07-01 14:15:34
redhatcve
redhatcve
CVE-2020-27748
2020-11-20 13:51:30
CVE-2022-4055
2022-11-17 21:25:57
alpinelinux
alpinelinux
CVE-2020-27748
2021-06-01 14:15:08
CVE-2022-4055
2022-11-19 00:15:00
cvelist
cvelist
CVE-2020-27748
2021-06-01 13:15:11
CVE-2022-4055
2022-11-18 00:00:00
nvd
nvd
CVE-2020-27748
2021-06-01 14:15:08
CVE-2022-4055
2022-11-19 00:15:31
prion
prion
Information disclosure
2021-06-01 14:15:00
Design/Logic Flaw
2022-11-19 00:15:00
cve
cve
CVE-2020-27748
2021-06-01 14:15:08
CVE-2022-4055
2022-11-19 00:15:31
cbl_mariner
cbl_mariner
CVE-2020-27748 affecting package xdg-utils 1.1.3-7
2024-07-08 21:08:44
CVE-2022-4055 affecting package xdg-utils 1.1.3-7
2024-07-08 21:08:44