{"id": "DEBIAN_DSA-4434.NASL", "bulletinFamily": "scanner", "title": "Debian DSA-4434-1 : drupal7 - security update", "description": "A cross-site scripting vulnerability has been found in Drupal, a\nfully-featured content management framework. For additional\ninformation, please refer to the upstream advisory at\nhttps://www.drupal.org/sa-core-2019-006 .", "published": "2019-04-22T00:00:00", "modified": "2021-03-02T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "https://www.tenable.com/plugins/nessus/124205", "reporter": "This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://www.debian.org/security/2019/dsa-4434", "https://www.drupal.org/sa-core-2019-006", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927330", "https://security-tracker.debian.org/tracker/source-package/drupal7", "https://packages.debian.org/source/stretch/drupal7"], "cvelist": ["CVE-2019-11358"], "type": "nessus", "lastseen": "2021-03-01T01:59:50", "edition": 19, "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11358"]}, {"type": "atlassian", "idList": ["ATLASSIAN:CRUC-8408", "ATLASSIAN:FE-7196", "ATLASSIAN:JRASERVER-70929", "ATLASSIAN:JRASERVER-69725", "ATLASSIAN:BSERV-11753"]}, {"type": "symantec", "idList": ["SMNTC-108023"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2118-1:5E0A4", "DEBIAN:DLA-1777-1:55799", "DEBIAN:DSA-4460-1:50632", "DEBIAN:DSA-4434-1:D2F07", "DEBIAN:DLA-1797-1:1A7B8"]}, {"type": "joomla", "idList": ["JOOMLA-779"]}, {"type": "fedora", "idList": ["FEDORA:320386075B54", "FEDORA:2B920607600F", "FEDORA:0E6FD60E1861", "FEDORA:4A1276046F94", "FEDORA:438D16045644", "FEDORA:10ED96049C48", "FEDORA:11C9F606DF50", "FEDORA:3787360525AF", "FEDORA:3230260BA78B"]}, {"type": "typo3", "idList": ["TYPO3-PSA-2019-004"]}, {"type": "drupal", "idList": ["DRUPAL-SA-CORE-2019-006"]}, {"type": "redhat", "idList": ["RHSA-2020:2412", "RHSA-2020:4670", "RHSA-2019:3024", "RHSA-2019:3023", "RHSA-2020:3936", "RHSA-2019:2587", "RHSA-2020:1325", "RHSA-2020:5581"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310142509", "OPENVAS:1361412562310891777", "OPENVAS:1361412562310891797", "OPENVAS:1361412562310108601", "OPENVAS:1361412562310142300", "OPENVAS:1361412562310876327", "OPENVAS:1361412562310892118", "OPENVAS:1361412562310142301", "OPENVAS:1361412562310704434", "OPENVAS:1361412562310142508"]}, {"type": "nessus", "idList": ["FEDORA_2019-F563E66380.NASL", "DEBIAN_DLA-1797.NASL", "FREEBSD_PKG_FFC73E8787F011E9AD56FCAA147E860E.NASL", "FEDORA_2019-2A0CE0C58C.NASL", "JQUERY_3_4_0.NASL", "REDHAT-RHSA-2020-1325.NASL", "SECURITYCENTER_5_14_0_TNS_2020_02.NASL", "FEDORA_2019-A06DFFAB1C.NASL", "DEBIAN_DLA-2118.NASL", "REDHAT-RHSA-2020-5581.NASL"]}, {"type": "github", "idList": ["GHSA-6C3J-C64M-QHGQ"]}, {"type": "freebsd", "idList": ["3C5A4FE0-9EBB-11E9-9169-FCAA147E860E", "FFC73E87-87F0-11E9-AD56-FCAA147E860E"]}, {"type": "archlinux", "idList": ["ASA-201906-2"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:1839-1", "OPENSUSE-SU-2019:1872-1"]}, {"type": "centos", "idList": ["CESA-2020:3936"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-3936"]}], "modified": "2021-03-01T01:59:50", "rev": 2}, "score": {"value": 7.5, "vector": "NONE", "modified": "2021-03-01T01:59:50", "rev": 2}, "vulnersScore": 7.5}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4434. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124205);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/23\");\n\n script_cve_id(\"CVE-2019-11358\");\n script_xref(name:\"DSA\", value:\"4434\");\n\n script_name(english:\"Debian DSA-4434-1 : drupal7 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A cross-site scripting vulnerability has been found in Drupal, a\nfully-featured content management framework. For additional\ninformation, please refer to the upstream advisory at\nhttps://www.drupal.org/sa-core-2019-006 .\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927330\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.drupal.org/sa-core-2019-006\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/drupal7\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/drupal7\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2019/dsa-4434\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the drupal7 packages.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 7.52-2+deb9u8.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:drupal7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"drupal7\", reference:\"7.52-2+deb9u8\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "pluginID": "124205", "cpe": ["p-cpe:/a:debian:debian_linux:drupal7", "cpe:/o:debian:debian_linux:9.0"], "scheme": null, "cvss3": {"score": 6.1, "vector": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}}

{"cve": [{"lastseen": "2021-02-02T07:12:48", "description": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.", "edition": 40, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 2.7}, "published": "2019-04-20T00:29:00", "title": "CVE-2019-11358", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11358"], "modified": "2021-01-20T15:15:00", "cpe": ["cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2019-11358", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11358", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"]}], "atlassian": [{"lastseen": "2020-12-24T14:35:22", "bulletinFamily": "software", "cvelist": ["CVE-2019-11358"], "description": "The version of jQuery used in Jira before 8.2.3 was vulnerable to CVE-2019-11358. This issue was addressed by updating Jira server to use a patched & custom version of jQuery (2.2.4.7).", "edition": 6, "modified": "2020-05-03T07:14:49", "published": "2019-08-01T05:11:29", "id": "ATLASSIAN:JRASERVER-69725", "href": "https://jira.atlassian.com/browse/JRASERVER-69725", "title": "Update jQuery to address CVE-2019-11358", "type": "atlassian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-24T14:35:24", "bulletinFamily": "software", "cvelist": ["CVE-2019-11358"], "description": "The bundled version of jQuery in Fisheye before version 4.7.1 was vulnerable to CVE-2019-11358 (https://nvd.nist.gov/vuln/detail/CVE-2019-11358). This was fixed by patching the version of jQuery bundled with Fisheye.", "edition": 2, "modified": "2019-07-22T10:23:16", "published": "2019-07-08T22:50:18", "id": "ATLASSIAN:FE-7196", "href": "https://jira.atlassian.com/browse/FE-7196", "title": "Address CVE-2019-11358 in the bundled version of jQuery", "type": "atlassian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-24T14:35:22", "bulletinFamily": "software", "cvelist": ["CVE-2019-11358"], "description": "The bundled version of jQuery in Crucible before version 4.7.1 was vulnerable to CVE-2019-11358 (https://nvd.nist.gov/vuln/detail/CVE-2019-11358). This was fixed by patching the version of jQuery bundled with Crucible.", "edition": 3, "modified": "2020-01-07T06:19:33", "published": "2019-07-08T22:57:45", "id": "ATLASSIAN:CRUC-8408", "href": "https://jira.atlassian.com/browse/CRUC-8408", "title": "Address CVE-2019-11358 in the bundled version of jQuery", "type": "atlassian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-24T14:35:31", "bulletinFamily": "software", "cvelist": ["CVE-2019-11358"], "description": "Bitbucket Server comes with jQuery version 2.2.4. This version of jQuery is vulnerable to a security bug (CVE-2019-11358, [https://nvd.nist.gov/vuln/detail/CVE-2019-11358]) which is only fixed in jQuery 3.4.0.\r\n", "edition": 5, "modified": "2019-12-10T04:31:40", "published": "2019-05-13T01:57:29", "id": "ATLASSIAN:BSERV-11753", "href": "https://jira.atlassian.com/browse/BSERV-11753", "title": "jQuery 2.2.4 is vulnerable to prototype pollution", "type": "atlassian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-05-11T13:20:19", "bulletinFamily": "software", "cvelist": ["CVE-2015-9251", "CVE-2019-11358"], "description": "h3. Issue Summary\r\njQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. Jira uses jQuery 2.2.4 (as of Jira 8.8.0) \r\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-9251\r\n\r\nh3. Steps to Reproduce\r\n-\r\nh3. Expected Results\r\nJira uses jQuery v3.0.0 or newer.\r\n\r\nh3. Actual Results\r\nJira uses jQuery 2.2.4\r\n\r\nh3. Workaround\r\n Currently there is no known workaround for this behavior. A workaround will be added here when available", "edition": 9, "modified": "2020-05-11T09:26:15", "published": "2020-04-20T13:29:57", "id": "ATLASSIAN:JRASERVER-70929", "href": "https://jira.atlassian.com/browse/JRASERVER-70929", "title": "Jira uses vulnerable jQuery version CVE-2015-9251", "type": "atlassian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "symantec": [{"lastseen": "2019-10-16T10:31:05", "bulletinFamily": "software", "cvelist": ["CVE-2019-11358"], "description": "### Description\n\nJQuery is prone to a cross-site-scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. JQuery versions prior to 3.4.0 are vulnerable.\n\n### Technologies Affected\n\n * Backdrop Backdrop 1.11.0 \n * Backdrop Backdrop 1.11.1 \n * Backdrop Backdrop 1.11.2 \n * Backdrop Backdrop 1.11.3 \n * Backdrop Backdrop 1.11.4 \n * Backdrop Backdrop 1.11.5 \n * Backdrop Backdrop 1.11.6 \n * Backdrop Backdrop 1.11.7 \n * Backdrop Backdrop 1.11.8 \n * Backdrop Backdrop 1.12.0 \n * Backdrop Backdrop 1.12.1 \n * Backdrop Backdrop 1.12.2 \n * Backdrop Backdrop 1.12.3 \n * Backdrop Backdrop 1.12.4 \n * Backdrop Backdrop 1.12.5 \n * Drupal Drupal 7 \n * Drupal Drupal 7.0 \n * Drupal Drupal 7.10 \n * Drupal Drupal 7.11 \n * Drupal Drupal 7.12 \n * Drupal Drupal 7.13 \n * Drupal Drupal 7.14 \n * Drupal Drupal 7.15 \n * Drupal Drupal 7.16 \n * Drupal Drupal 7.17 \n * Drupal Drupal 7.19 \n * Drupal Drupal 7.20 \n * Drupal Drupal 7.21 \n * Drupal Drupal 7.22 \n * Drupal Drupal 7.23 \n * Drupal Drupal 7.24 \n * Drupal Drupal 7.25 \n * Drupal Drupal 7.26 \n * Drupal Drupal 7.27 \n * Drupal Drupal 7.28 \n * Drupal Drupal 7.29 \n * Drupal Drupal 7.30 \n * Drupal Drupal 7.31 \n * Drupal Drupal 7.32 \n * Drupal Drupal 7.33 \n * Drupal Drupal 7.34 \n * Drupal Drupal 7.35 \n * Drupal Drupal 7.36 \n * Drupal Drupal 7.37 \n * Drupal Drupal 7.38 \n * Drupal Drupal 7.39 \n * Drupal Drupal 7.4 \n * Drupal Drupal 7.40 \n * Drupal Drupal 7.41 \n * Drupal Drupal 7.42 \n * Drupal Drupal 7.44 \n * Drupal Drupal 7.5 \n * Drupal Drupal 7.52 \n * Drupal Drupal 7.54 \n * Drupal Drupal 7.55 \n * Drupal Drupal 7.56 \n * Drupal Drupal 7.57 \n * Drupal Drupal 7.58 \n * Drupal Drupal 7.59 \n * Drupal Drupal 7.62 \n * Drupal Drupal 7.65 \n * Drupal Drupal 7.8 \n * Drupal Drupal 7.9 \n * Drupal Drupal 8.5 \n * Drupal Drupal 8.5.0 \n * Drupal Drupal 8.5.1 \n * Drupal Drupal 8.5.11 \n * Drupal Drupal 8.5.14 \n * Drupal Drupal 8.5.2 \n * Drupal Drupal 8.5.3 \n * Drupal Drupal 8.5.6 \n * Drupal Drupal 8.5.7 \n * Drupal Drupal 8.5.8 \n * Drupal Drupal 8.5.9 \n * Drupal Drupal 8.6 \n * Drupal Drupal 8.6.1 \n * Drupal Drupal 8.6.10 \n * Drupal Drupal 8.6.13 \n * Drupal Drupal 8.6.2 \n * Drupal Drupal 8.6.3 \n * Drupal Drupal 8.6.4 \n * Drupal Drupal 8.6.5 \n * Drupal Drupal 8.6.6 \n * Oracle ADF 11.1.1.9.0 \n * Oracle ADF 12.1.3.0.0 \n * Oracle ADF 12.2.1.3.0 \n * Oracle Agile Product Lifecycle Management for Process 6.2.0.0 \n * Oracle Agile Product Lifecycle Management for Process 6.2.1.0 \n * Oracle Agile Product Lifecycle Management for Process 6.2.2.0 \n * Oracle Agile Product Lifecycle Management for Process 6.2.3.0 \n * Oracle Application Testing Suite 13.2 \n * Oracle Application Testing Suite 13.3 \n * Oracle Banking Platform 2.4.0 \n * Oracle Banking Platform 2.4.1 \n * Oracle Banking Platform 2.5 \n * Oracle Banking Platform 2.5.0 \n * Oracle Banking Platform 2.6 \n * Oracle Banking Platform 2.6.0 \n * Oracle Banking Platform 2.6.1 \n * Oracle Banking Platform 2.6.2 \n * Oracle Banking Platform 2.7.1 \n * Oracle Communications Billing and Revenue Management 12.0 \n * Oracle Communications Billing and Revenue Management 7.5 \n * Oracle Diagnostic Assistant 2.12.36 \n * Oracle Enterprise Manager Ops Center 12.3.3 \n * Oracle Enterprise Manager Ops Center 12.4.0 \n * Oracle Financial Services Analytical Applications Infrastructure 7.3.3 \n * Oracle Financial Services Analytical Applications Infrastructure 7.3.4 \n * Oracle Financial Services Analytical Applications Infrastructure 7.3.5 \n * Oracle Financial Services Analytical Applications Infrastructure 8.0.2 \n * Oracle Financial Services Analytical Applications Infrastructure 8.0.3 \n * Oracle Financial Services Analytical Applications Infrastructure 8.0.4 \n * Oracle Financial Services Analytical Applications Infrastructure 8.0.5 \n * Oracle Financial Services Analytical Applications Infrastructure 8.0.6 \n * Oracle Financial Services Analytical Applications Infrastructure 8.0.7 \n * Oracle Financial Services Analytical Applications Infrastructure 8.0.8 \n * Oracle Financial Services Analytical Applications Reconciliation Framew 8.0.4 \n * Oracle Financial Services Analytical Applications Reconciliation Framew 8.0.7 \n * Oracle Financial Services Asset Liability Management 8.0.4 \n * Oracle Financial Services Asset Liability Management 8.0.5 \n * Oracle Financial Services Asset Liability Management 8.0.7 \n * Oracle Financial Services Basel Regulatory Capital Basic 8.0.4 \n * Oracle Financial Services Basel Regulatory Capital Basic 8.0.7 \n * Oracle Financial Services Basel Regulatory Capital Internal Ratings Bas 8.0.4 \n * Oracle Financial Services Basel Regulatory Capital Internal Ratings Bas 8.0.7 \n * Oracle Financial Services Data Foundation 8.0.4 \n * Oracle Financial Services Data Foundation 8.0.5 \n * Oracle Financial Services Data Foundation 8.0.8 \n * Oracle Financial Services Data Integration Hub 8.0.5 \n * Oracle Financial Services Data Integration Hub 8.0.7 \n * Oracle Financial Services Enterprise Financial Performance Analytics 8.0.6 \n * Oracle Financial Services Enterprise Financial Performance Analytics 8.0.7 \n * Oracle Financial Services Funds Transfer Pricing 8.0.4 \n * Oracle Financial Services Funds Transfer Pricing 8.0.5 \n * Oracle Financial Services Funds Transfer Pricing 8.0.7 \n * Oracle Financial Services Hedge Management and IFRS Valuations 8.0.4 \n * Oracle Financial Services Hedge Management and IFRS Valuations 8.0.5 \n * Oracle Financial Services Hedge Management and IFRS Valuations 8.0.7 \n * Oracle Financial Services Institutional Performance Analytics 8.0.4 \n * Oracle Financial Services Institutional Performance Analytics 8.0.5 \n * Oracle Financial Services Institutional Performance Analytics 8.0.7 \n * Oracle Financial Services Liquidity Risk Management 8.0.1 \n * Oracle Financial Services Liquidity Risk Management 8.0.2 \n * Oracle Financial Services Liquidity Risk Management 8.0.4 \n * Oracle Financial Services Liquidity Risk Management 8.0.5 \n * Oracle Financial Services Liquidity Risk Management 8.0.6 \n * Oracle Financial Services Liquidity Risk Measurement and Management 8.0.7 \n * Oracle Financial Services Liquidity Risk Measurement and Management 8.0.8 \n * Oracle Financial Services Loan Loss Forecasting and Provisioning 8.0.2 \n * Oracle Financial Services Loan Loss Forecasting and Provisioning 8.0.3 \n * Oracle Financial Services Loan Loss Forecasting and Provisioning 8.0.4 \n * Oracle Financial Services Loan Loss Forecasting and Provisioning 8.0.5 \n * Oracle Financial Services Loan Loss Forecasting and Provisioning 8.0.7 \n * Oracle Financial Services Market Risk Measurement and Management 8.0.5 \n * Oracle Financial Services Market Risk Measurement and Management 8.0.6 \n * Oracle Financial Services Market Risk Measurement and Management 8.0.8 \n * Oracle Financial Services Price Creation and Discovery 8.0.4 \n * Oracle Financial Services Price Creation and Discovery 8.0.5 \n * Oracle Financial Services Price Creation and Discovery 8.0.7 \n * Oracle Financial Services Profitability Management 8.0.4 \n * Oracle Financial Services Profitability Management 8.0.5 \n * Oracle Financial Services Profitability Management 8.0.6 \n * Oracle Financial Services Profitability Management 8.0.7 \n * Oracle Financial Services Regulatory Reporting for European Banking Aut 8.0.6 \n * Oracle Financial Services Regulatory Reporting for European Banking Aut 8.0.7 \n * Oracle Financial Services Regulatory Reporting for US Federal Reserve 8.0.4 \n * Oracle Financial Services Regulatory Reporting for US Federal Reserve 8.0.7 \n * Oracle Financial Services Retail Customer Analytics 8.0.4 \n * Oracle Financial Services Retail Customer Analytics 8.0.5 \n * Oracle Financial Services Retail Customer Analytics 8.0.6 \n * Oracle Financial Services Retail Performance Analytics 8.0.6 \n * Oracle Financial Services Retail Performance Analytics 8.0.7 \n * Oracle Financial Services Revenue Management and Billing 2.4.0.0.0 \n * Oracle Financial Services Revenue Management and Billing 2.4.0.1 \n * Oracle Healthcare Foundation 7.1.1 \n * Oracle Healthcare Foundation 7.2.2 \n * Oracle Healthcare Translational Research 3.1.0 \n * Oracle Healthcare Translational Research 3.2.1 \n * Oracle Healthcare Translational Research 3.3.1 \n * Oracle Hospitality Guest Access 4.2.0 \n * Oracle Hospitality Guest Access 4.2.1 \n * Oracle Hospitality Materials Control 18.1 \n * Oracle Insurance Allocation Manager for Enterprise Profitability 8.0.8 \n * Oracle Insurance Data Foundation 8.0.4 \n * Oracle Insurance Data Foundation 8.0.5 \n * Oracle Insurance Data Foundation 8.0.7 \n * Oracle Insurance IFRS 17 Analyzer 8.0.6 \n * Oracle Insurance IFRS 17 Analyzer 8.0.7 \n * Oracle Insurance Performance Insight 8.0.7 \n * Oracle JDeveloper 11.1.1.9.0 \n * Oracle JDeveloper 12.1.3.0.0 \n * Oracle JDeveloper 12.2.1.3.0 \n * Oracle OFS REG REP EBA 8.0.6 \n * Oracle OFS REG REP EBA 8.0.7 \n * Oracle OFS REG REP RBI 8.0.7 \n * Oracle OFS REG REP US FED 8.0.4 \n * Oracle OFS REG REP US FED 8.0.7 \n * Oracle PeopleSoft Enterprise PeopleTools 8.55 \n * Oracle PeopleSoft Enterprise PeopleTools 8.56 \n * Oracle PeopleSoft Enterprise PeopleTools 8.57 \n * Oracle Policy Automation 10.4.7 \n * Oracle Policy Automation 12.1.0 \n * Oracle Policy Automation 12.1.1 \n * Oracle Policy Automation 12.2.0 \n * Oracle Policy Automation 12.2.1 \n * Oracle Policy Automation 12.2.10 \n * Oracle Policy Automation 12.2.15 \n * Oracle Policy Automation 12.2.2 \n * Oracle Policy Automation 12.2.3 \n * Oracle Policy Automation 12.2.7 \n * Oracle Policy Automation 12.2.8 \n * Oracle Policy Automation 12.2.9 \n * Oracle Policy Automation Connector for Siebel 10.4.6 \n * Oracle Policy Automation for Mobile Devices 12.2.0 \n * Oracle Policy Automation for Mobile Devices 12.2.10 \n * Oracle Policy Automation for Mobile Devices 12.2.15 \n * Oracle Policy Automation for Mobile Devices 12.2.4 \n * Oracle Policy Automation for Mobile Devices 12.2.5 \n * Oracle Policy Automation for Mobile Devices 12.2.6 \n * Oracle Policy Automation for Mobile Devices 12.2.7 \n * Oracle Policy Automation for Mobile Devices 12.2.8 \n * Oracle Policy Automation for Mobile Devices 12.2.9 \n * Oracle Primavera Unifier 16.1 \n * Oracle Primavera Unifier 16.2 \n * Oracle Primavera Unifier 17.12 \n * Oracle Primavera Unifier 17.7 \n * Oracle Primavera Unifier 18.8 \n * Oracle Retail Customer Insights 15.0 \n * Oracle Retail Customer Insights 16.0 \n * Oracle Service Bus 11.1.1.9.0 \n * Oracle Service Bus 12.1.3.0.0 \n * Oracle Service Bus 12.2.1.3.0 \n * Oracle Siebel Applications 19.0 \n * Oracle Siebel Applications 19.3 \n * Oracle Siebel Applications 19.8 \n * Oracle System Utilities 19.1 \n * Oracle Weblogic Server 10.3.6.0 \n * Oracle Weblogic Server 12.1.3.0.0 \n * Oracle Weblogic Server 12.2.1.3.0 \n * jQuery jQuery 1.0.0 \n * jQuery jQuery 1.0.1 \n * jQuery jQuery 1.10.0 \n * jQuery jQuery 1.6 \n * jQuery jQuery 1.6.1 \n * jQuery jQuery 1.6.2 \n * jQuery jQuery 1.6.3 \n * jQuery jQuery 1.6.4 \n * jQuery jQuery 1.7.1 \n * jQuery jQuery 1.8.1 \n * jQuery jQuery 1.9.0 \n * jQuery jQuery 2.2 \n * jQuery jQuery 3.0.0 \n * jQuery jQuery 3.1 \n * jQuery jQuery 3.1.0 \n * jQuery jQuery 3.1.1 \n * jQuery jQuery 3.2 \n * jQuery jQuery 3.2.0 \n * jQuery jQuery 3.2.1 \n * jQuery jQuery 3.3 \n * jQuery jQuery 3.3.0 \n * jQuery jQuery 3.3.1 \n\n### Recommendations\n\n**Block external access at the network boundary, unless external parties require service.** \nFilter access to the affected computer at the network boundary if global access isn't needed. Restricting access to only trusted computers and networks might greatly reduce the likelihood of a successful exploit.\n\n**Run all software as a nonprivileged user with minimal access rights.** \nAttackers may successfully exploit client flaws in the browser through cross-site scripting vulnerabilities. When possible, run all software as a user with minimal privileges and limited access to system resources. Use additional precautions such as restrictive environments to insulate software that may potentially handle malicious content. \n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to detect and block attacks and anomalous activity such as requests containing suspicious URI sequences. Since the webserver may log such requests, review its logs regularly.\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\n**Set web browser security to disable the execution of script code or active content.** \nSince a successful exploit of this issue allows malicious code to execute in web clients, consider disabling support for script code and active content within the client browser. Note that this mitigation tactic might adversely affect legitimate websites that rely on the execution of browser-based script code.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "modified": "2019-04-17T00:00:00", "published": "2019-04-17T00:00:00", "id": "SMNTC-108023", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/108023", "type": "symantec", "title": "JQuery CVE-2019-11358 Cross Site Scripting Vulnerability", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "debian": [{"lastseen": "2020-08-12T01:10:29", "bulletinFamily": "unix", "cvelist": ["CVE-2019-11358"], "description": "Package : otrs2\nVersion : 3.3.18-1+deb8u14\nCVE ID : CVE-2019-11358\nDebian Bug : 927385\n\n\nIt was discovered that the jQuery version embedded in OTRS, a ticket\nrequest system, was prone to a cross site scripting vulnerability in\njQuery.extend().\n\nFor Debian 8 &quot;Jessie&quot;, this problem has been fixed in version\n3.3.18-1+deb8u14.\n\nWe recommend that you upgrade your otrs2 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 7, "modified": "2020-02-24T17:03:46", "published": "2020-02-24T17:03:46", "id": "DEBIAN:DLA-2118-1:5E0A4", "href": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202002/msg00024.html", "title": "[SECURITY] [DLA 2118-1] otrs2 security update", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-30T02:22:11", "bulletinFamily": "unix", "cvelist": ["CVE-2019-11358"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4434-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nApril 20, 2019 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : drupal7\nCVE ID : CVE-2019-11358\nDebian Bug : 927330\n\nA cross-site scripting vulnerability has been found in Drupal, a\nfully-featured content management framework. For additional information,\nplease refer to the upstream advisory at\nhttps://www.drupal.org/sa-core-2019-006 .\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 7.52-2+deb9u8.\n\nWe recommend that you upgrade your drupal7 packages.\n\nFor the detailed security status of drupal7 please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/drupal7\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2019-04-20T12:03:25", "published": "2019-04-20T12:03:25", "id": "DEBIAN:DSA-4434-1:D2F07", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2019/msg00078.html", "title": "[SECURITY] [DSA 4434-1] drupal7 security update", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-08-12T00:52:23", "bulletinFamily": "unix", "cvelist": ["CVE-2019-11358"], "description": "Package : jquery\nVersion : 1.7.2+dfsg-3.2+deb8u6\nCVE ID : CVE-2019-11358\n\njQuery mishandles jQuery.extend(true, {}, ...) because of Object.prototype\npollution. If an unsanitized source object contained an enumerable __proto__\nproperty, it could extend the native Object.prototype. For additional\ninformation, please refer to the upstream advisory at\nhttps://www.drupal.org/sa-core-2019-006 .\n\nFor Debian 8 &quot;Jessie&quot;, this problem has been fixed in version\n1.7.2+dfsg-3.2+deb8u6.\n\nWe recommend that you upgrade your jquery packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 10, "modified": "2019-05-06T07:42:24", "published": "2019-05-06T07:42:24", "id": "DEBIAN:DLA-1777-1:55799", "href": "https://lists.debian.org/debian-lts-announce/2019/debian-lts-announce-201905/msg00006.html", "title": "[SECURITY] [DLA 1777-1] jquery security update", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-30T02:22:27", "bulletinFamily": "unix", "cvelist": ["CVE-2019-11358", "CVE-2019-11831"], "description": "Package : drupal7\nVersion : 7.32-1+deb8u17\nCVE ID : CVE-2019-11358 CVE-2019-11831\nDebian Bug : 927330 928688\n\nSeveral security vulnerabilities have been discovered in drupal7, a\nPHP web site platform. The vulnerabilities affect the embedded versions\nof the jQuery JavaScript library and the Typo3 Phar Stream Wrapper\nlibrary.\n\nCVE-2019-11358\n\n It was discovered that the jQuery version embedded in Drupal was\n prone to a cross site scripting vulnerability in jQuery.extend().\n\n For additional information, please refer to the upstream advisory\n at https://www.drupal.org/sa-core-2019-006.\n\nCVE-2019-11831\n\n It was discovered that incomplete validation in a Phar processing\n library embedded in Drupal, a fully-featured content management\n framework, could result in information disclosure.\n\n For additional information, please refer to the upstream advisory\n at https://www.drupal.org/sa-core-2019-007.\n\nFor Debian 8 &quot;Jessie&quot;, these problems have been fixed in version\n7.32-1+deb8u17.\n\nWe recommend that you upgrade your drupal7 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n\n- -- \nJonas Meurer\n\n\n", "edition": 2, "modified": "2019-05-20T14:22:08", "published": "2019-05-20T14:22:08", "id": "DEBIAN:DLA-1797-1:1A7B8", "href": "https://lists.debian.org/debian-lts-announce/2019/debian-lts-announce-201905/msg00029.html", "title": "[SECURITY] [DLA 1797-1] drupal7 security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-12T01:05:30", "bulletinFamily": "unix", "cvelist": ["CVE-2019-11358", "CVE-2019-12472", "CVE-2019-12474", "CVE-2019-12471", "CVE-2019-12473", "CVE-2019-12470", "CVE-2019-12467", "CVE-2019-12466", "CVE-2019-12469", "CVE-2019-12468"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4460-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nJune 12, 2019 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : mediawiki\nCVE ID : CVE-2019-11358 CVE-2019-12466 CVE-2019-12467 CVE-2019-12468 \n CVE-2019-12469 CVE-2019-12470 CVE-2019-12471 CVE-2019-12472 \n CVE-2019-12473 CVE-2019-12474\n\nMultiple security vulnerabilities have been discovered in MediaWiki, a\nwebsite engine for collaborative work, which may result in authentication\nbypass, denial of service, cross-site scripting, information disclosure\nand bypass of anti-spam measures.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1:1.27.7-1~deb9u1.\n\nWe recommend that you upgrade your mediawiki packages.\n\nFor the detailed security status of mediawiki please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/mediawiki\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 9, "modified": "2019-06-11T22:27:23", "published": "2019-06-11T22:27:23", "id": "DEBIAN:DSA-4460-1:50632", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2019/msg00106.html", "title": "[SECURITY] [DSA 4460-1] mediawiki security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-11358"], "description": "Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure. ", "modified": "2019-05-09T01:34:20", "published": "2019-05-09T01:34:20", "id": "FEDORA:4A1276046F94", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: drupal7-7.66-1.fc30", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-11358", "CVE-2019-11831"], "description": "Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure. ", "modified": "2020-01-04T22:16:18", "published": "2020-01-04T22:16:18", "id": "FEDORA:438D16045644", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: drupal7-7.69-1.fc30", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-11358", "CVE-2019-11831"], "description": "Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure. ", "modified": "2019-05-25T01:06:23", "published": "2019-05-25T01:06:23", "id": "FEDORA:10ED96049C48", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: drupal7-7.67-1.fc30", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2012-2922", "CVE-2019-11358"], "description": "Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure. ", "modified": "2019-05-09T03:18:10", "published": "2019-05-09T03:18:10", "id": "FEDORA:3230260BA78B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: drupal7-7.66-1.fc29", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2012-2922", "CVE-2019-11358", "CVE-2019-11831"], "description": "Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure. ", "modified": "2019-05-25T03:36:33", "published": "2019-05-25T03:36:33", "id": "FEDORA:2B920607600F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: drupal7-7.67-1.fc29", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2012-2922", "CVE-2018-7602", "CVE-2019-11358"], "description": "Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure. ", "modified": "2019-05-09T01:42:20", "published": "2019-05-09T01:42:20", "id": "FEDORA:3787360525AF", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: drupal7-7.66-1.fc28", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2012-2922", "CVE-2018-7602", "CVE-2019-11358", "CVE-2019-11831"], "description": "Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure. ", "modified": "2019-05-25T01:11:40", "published": "2019-05-25T01:11:40", "id": "FEDORA:0E6FD60E1861", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: drupal7-7.67-1.fc28", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-10909", "CVE-2019-10910", "CVE-2019-10911", "CVE-2019-11358"], "description": "Drupal is an open source content management platform powering millions of websites and applications. It=EF=BF=BD=EF=BF=BD=EF=BF=BDs built, used, and supported by an active and diverse community of people around the world. ", "modified": "2019-05-08T01:13:39", "published": "2019-05-08T01:13:39", "id": "FEDORA:320386075B54", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: drupal8-8.6.15-1.fc30", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-10909", "CVE-2019-10910", "CVE-2019-10911", "CVE-2019-11358"], "description": "Drupal is an open source content management platform powering millions of websites and applications. It=EF=BF=BD=EF=BF=BD=EF=BF=BDs built, used, and supported by an active and diverse community of people around the world. ", "modified": "2019-05-08T03:06:22", "published": "2019-05-08T03:06:22", "id": "FEDORA:11C9F606DF50", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: drupal8-8.6.15-1.fc29", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "github": [{"lastseen": "2021-01-22T20:48:19", "bulletinFamily": "software", "cvelist": ["CVE-2019-11358"], "description": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.", "edition": 5, "modified": "2021-01-22T17:43:21", "published": "2019-04-26T16:29:11", "id": "GHSA-6C3J-C64M-QHGQ", "href": "https://github.com/advisories/GHSA-6c3j-c64m-qhgq", "title": "XSS in jQuery as used in Drupal, Backdrop CMS, and other products", "type": "github", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "joomla": [{"lastseen": "2020-12-24T13:21:31", "bulletinFamily": "software", "cvelist": ["CVE-2019-11358"], "description": "The $.extend method of JQuery is vulnerable to Object.prototype pollution attacks.\n", "edition": 4, "modified": "2019-04-09T00:00:00", "published": "2019-04-09T00:00:00", "id": "JOOMLA-779", "href": "https://developer.joomla.org/security-centre/779-20190403-core-object-prototype-pollution-in-jquery-extend.html?highlight=WyJleHBsb2l0Il0=", "title": "[20190403] - Core - Object.prototype pollution in JQuery $.extend", "type": "joomla", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "openvas": [{"lastseen": "2019-05-29T18:32:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-11358"], "description": "Drupal is prone to a cross-site scripting vulnerability in jQuery.", "modified": "2019-04-24T00:00:00", "published": "2019-04-24T00:00:00", "id": "OPENVAS:1361412562310142300", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310142300", "type": "openvas", "title": "Drupal jQuery XSS Vulnerability (SA-CORE-2019-006) (Linux)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = 'cpe:/a:drupal:drupal';\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.142300\");\n script_version(\"2019-04-24T09:29:51+0000\");\n script_tag(name:\"last_modification\", value:\"2019-04-24 09:29:51 +0000 (Wed, 24 Apr 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-04-24 09:17:20 +0000 (Wed, 24 Apr 2019)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_cve_id(\"CVE-2019-11358\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Drupal jQuery XSS Vulnerability (SA-CORE-2019-006) (Linux)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"drupal_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"drupal/installed\", \"Host/runs_unixoide\");\n\n script_tag(name:\"summary\", value:\"Drupal is prone to a cross-site scripting vulnerability in jQuery.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"jQuery 3.4.0 includes a fix for some unintended behavior when using\n jQuery.extend(true, {}, ...). If an unsanitized source object contained an enumerable __proto__ property, it\n could extend the native Object.prototype. This fix is included in jQuery 3.4.0, but patch diffs exist to patch\n previous jQuery versions.\");\n\n script_tag(name:\"affected\", value:\"Drupal 7, 8.5.x or earlier and 8.6.x.\");\n\n script_tag(name:\"solution\", value:\"Update to version 7.66, 8.5.15, 8.6.15 or later.\");\n\n script_xref(name:\"URL\", value:\"https://www.drupal.org/sa-core-2019-006\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))\n exit(0);\n\nversion = infos['version'];\npath = infos['location'];\n\nif (version_in_range(version: version, test_version: \"7.0\", test_version2: \"7.65\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"7.66\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nif (version_in_range(version: version, test_version: \"8.0\", test_version2: \"8.5.14\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"8.5.15\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nif (version_in_range(version: version, test_version: \"8.6\", test_version2: \"8.6.14\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"8.6.15\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-01-29T19:24:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-11358"], "description": "The remote host is missing an update for the ", "modified": "2020-01-29T00:00:00", "published": "2019-05-07T00:00:00", "id": "OPENVAS:1361412562310891777", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891777", "type": "openvas", "title": "Debian LTS: Security Advisory for jquery (DLA-1777-1)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891777\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2019-11358\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-05-07 02:00:06 +0000 (Tue, 07 May 2019)\");\n script_name(\"Debian LTS: Security Advisory for jquery (DLA-1777-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-1777-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'jquery'\n package(s) announced via the DLA-1777-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"jQuery mishandles jQuery.extend(true, {}, ...) because of Object.prototype\npollution. If an unsanitized source object contained an enumerable __proto__\nproperty, it could extend the native Object.prototype.\");\n\n script_tag(name:\"affected\", value:\"'jquery' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', this problem has been fixed in version\n1.7.2+dfsg-3.2+deb8u6.\n\nWe recommend that you upgrade your jquery packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libjs-jquery\", ver:\"1.7.2+dfsg-3.2+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:32:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-11358"], "description": "The remote host is missing an update for the ", "modified": "2019-04-21T00:00:00", "published": "2019-04-21T00:00:00", "id": "OPENVAS:1361412562310704434", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704434", "type": "openvas", "title": "Debian Security Advisory DSA 4434-1 (drupal7 - security update)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704434\");\n script_version(\"2019-04-21T02:00:05+0000\");\n script_cve_id(\"CVE-2019-11358\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-04-21 02:00:05 +0000 (Sun, 21 Apr 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-04-21 02:00:05 +0000 (Sun, 21 Apr 2019)\");\n script_name(\"Debian Security Advisory DSA 4434-1 (drupal7 - security update)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2019/dsa-4434.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DSA-4434-1\");\n script_xref(name:\"URL\", value:\"https://www.drupal.org/sa-core-2019-006\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'drupal7'\n package(s) announced via the DSA-4434-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A cross-site scripting vulnerability has been found in Drupal, a\nfully-featured content management framework. For additional information,\nplease refer to the linked upstream advisory.\");\n\n script_tag(name:\"affected\", value:\"'drupal7' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For the stable distribution (stretch), this problem has been fixed in\nversion 7.52-2+deb9u8.\n\nWe recommend that you upgrade your drupal7 packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"drupal7\", ver:\"7.52-2+deb9u8\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-02-26T16:54:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-11358"], "description": "The remote host is missing an update for the ", "modified": "2020-02-25T00:00:00", "published": "2020-02-25T00:00:00", "id": "OPENVAS:1361412562310892118", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892118", "type": "openvas", "title": "Debian LTS: Security Advisory for otrs2 (DLA-2118-1)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.892118\");\n script_version(\"2020-02-25T04:00:05+0000\");\n script_cve_id(\"CVE-2019-11358\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-02-25 04:00:05 +0000 (Tue, 25 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-02-25 04:00:05 +0000 (Tue, 25 Feb 2020)\");\n script_name(\"Debian LTS: Security Advisory for otrs2 (DLA-2118-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-2118-1\");\n script_xref(name:\"URL\", value:\"https://bugs.debian.org/927385\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'otrs2'\n package(s) announced via the DLA-2118-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that the jQuery version embedded in OTRS, a ticket\nrequest system, was prone to a cross site scripting vulnerability in\njQuery.extend().\");\n\n script_tag(name:\"affected\", value:\"'otrs2' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', this problem has been fixed in version\n3.3.18-1+deb8u14.\n\nWe recommend that you upgrade your otrs2 packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"otrs\", ver:\"3.3.18-1+deb8u14\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"otrs2\", ver:\"3.3.18-1+deb8u14\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:32:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-11358"], "description": "The remote host is missing an update for the\n ", "modified": "2019-05-14T00:00:00", "published": "2019-05-09T00:00:00", "id": "OPENVAS:1361412562310876327", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876327", "type": "openvas", "title": "Fedora Update for drupal7 FEDORA-2019-2a0ce0c58c", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876327\");\n script_version(\"2019-05-14T05:04:40+0000\");\n script_cve_id(\"CVE-2019-11358\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-05-14 05:04:40 +0000 (Tue, 14 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-09 02:13:18 +0000 (Thu, 09 May 2019)\");\n script_name(\"Fedora Update for drupal7 FEDORA-2019-2a0ce0c58c\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-2a0ce0c58c\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the\n 'drupal7' package(s) announced via the FEDORA-2019-2a0ce0c58c advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is\n present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Equipped with a powerful blend of features,\n Drupal is a Content Management System written in PHP that can support a variety\n of websites ranging from personal weblogs to large community-driven websites.\n Drupal is highly configurable, skinnable, and secure.\");\n\n script_tag(name:\"affected\", value:\"'drupal7' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"drupal7\", rpm:\"drupal7~7.66~1.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-08-29T14:54:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-11358"], "description": "Discourse is prone to multiple vulnerabilities in 3rdparty components.", "modified": "2019-08-28T00:00:00", "published": "2019-06-17T00:00:00", "id": "OPENVAS:1361412562310108601", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310108601", "type": "openvas", "title": "Discourse < 2.3.0.beta9 Multiple Vulnerabilities", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:discourse:discourse\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.108601\");\n script_version(\"2019-08-28T13:27:25+0000\");\n script_cve_id(\"CVE-2019-11358\");\n script_tag(name:\"last_modification\", value:\"2019-08-28 13:27:25 +0000 (Wed, 28 Aug 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-06-17 06:03:35 +0000 (Mon, 17 Jun 2019)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Discourse < 2.3.0.beta9 Multiple Vulnerabilities\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_discourse_detect.nasl\");\n script_mandatory_keys(\"discourse/detected\");\n\n script_tag(name:\"summary\", value:\"Discourse is prone to multiple vulnerabilities in 3rdparty components.\");\n\n script_tag(name:\"insight\", value:\"The following 3rdparty components have been updated to fix security issues:\n\n - Jquery CVE-2019-11358\n\n - Update nokogiri\n\n - Update Handlebars to 4.1\");\n\n script_tag(name:\"affected\", value:\"Discourse before version 2.3.0.beta9.\");\n\n script_tag(name:\"solution\", value:\"Update to version 2.3.0.beta9.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_xref(name:\"URL\", value:\"https://meta.discourse.org/t/discourse-2-3-0-beta9-release-notes/115786\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) )\n exit( 0 );\n\nif( ! infos = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE ) )\n exit( 0 );\n\nvers = infos[\"version\"];\n\nif( version_is_less( version:vers, test_version:\"2.3.0\" ) ||\n version_in_range( version:vers, test_version:\"2.3.0.beta1\", test_version2:\"2.3.0.beta8\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"2.3.0.beta9\", install_path:infos[\"location\"] );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-03-10T17:21:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-11358"], "description": "Django is prone to a vulnerability in the bundled jQuery.", "modified": "2020-03-06T00:00:00", "published": "2019-06-26T00:00:00", "id": "OPENVAS:1361412562310142508", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310142508", "type": "openvas", "title": "Django jQuery Vulnerability (Linux)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:djangoproject:django\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.142508\");\n script_version(\"2020-03-06T09:37:40+0000\");\n script_tag(name:\"last_modification\", value:\"2020-03-06 09:37:40 +0000 (Fri, 06 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-06-26 06:07:28 +0000 (Wed, 26 Jun 2019)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_cve_id(\"CVE-2019-11358\");\n\n script_tag(name:\"qod_type\", value:\"executable_version_unreliable\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Django jQuery Vulnerability (Linux)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_django_detect_lin.nasl\");\n script_mandatory_keys(\"Django/Linux/Ver\");\n\n script_tag(name:\"summary\", value:\"Django is prone to a vulnerability in the bundled jQuery.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"jQuery before 3.4.0, mishandles 'jQuery.extend(true, {}, ...)' because of\n 'Object.prototype' pollution. If an unsanitized source object contained an enumerable '__proto__' property, it\n could extend the native 'Object.prototype'.\");\n\n script_tag(name:\"affected\", value:\"Django versions 2.1 before 2.1.9 and 2.2 before 2.2.2.\");\n\n script_tag(name:\"solution\", value:\"Update to version 2.1.9, 2.2.2 or later.\");\n\n script_xref(name:\"URL\", value:\"https://www.openwall.com/lists/oss-security/2019/06/03/2\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!infos = get_app_version_and_location(cpe: CPE, exit_no_version: TRUE))\n exit(0);\n\nversion = infos['version'];\nlocation = infos['location'];\n\nif (version_in_range(version: version, test_version: \"2.1\", test_version2: \"2.1.8\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"2.1.9\", install_path: location);\n security_message(port: 0, data: report);\n exit(0);\n}\n\nif (version_in_range(version: version, test_version: \"2.2\", test_version2: \"2.2.1\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"2.2.2\", install_path: location);\n security_message(port: 0, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:32:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-11358"], "description": "Drupal is prone to a cross-site scripting vulnerability in jQuery.", "modified": "2019-04-24T00:00:00", "published": "2019-04-24T00:00:00", "id": "OPENVAS:1361412562310142301", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310142301", "type": "openvas", "title": "Drupal jQuery XSS Vulnerability (SA-CORE-2019-006) (Windows)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = 'cpe:/a:drupal:drupal';\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.142301\");\n script_version(\"2019-04-24T09:29:51+0000\");\n script_tag(name:\"last_modification\", value:\"2019-04-24 09:29:51 +0000 (Wed, 24 Apr 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-04-24 09:25:05 +0000 (Wed, 24 Apr 2019)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_cve_id(\"CVE-2019-11358\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Drupal jQuery XSS Vulnerability (SA-CORE-2019-006) (Windows)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"drupal_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"drupal/installed\", \"Host/runs_windows\");\n\n script_tag(name:\"summary\", value:\"Drupal is prone to a cross-site scripting vulnerability in jQuery.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"jQuery 3.4.0 includes a fix for some unintended behavior when using\n jQuery.extend(true, {}, ...). If an unsanitized source object contained an enumerable __proto__ property, it\n could extend the native Object.prototype. This fix is included in jQuery 3.4.0, but patch diffs exist to patch\n previous jQuery versions.\");\n\n script_tag(name:\"affected\", value:\"Drupal 7, 8.5.x or earlier and 8.6.x.\");\n\n script_tag(name:\"solution\", value:\"Update to version 7.66, 8.5.15, 8.6.15 or later.\");\n\n script_xref(name:\"URL\", value:\"https://www.drupal.org/sa-core-2019-006\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))\n exit(0);\n\nversion = infos['version'];\npath = infos['location'];\n\nif (version_in_range(version: version, test_version: \"7.0\", test_version2: \"7.65\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"7.66\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nif (version_in_range(version: version, test_version: \"8.0\", test_version2: \"8.5.14\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"8.5.15\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nif (version_in_range(version: version, test_version: \"8.6\", test_version2: \"8.6.14\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"8.6.15\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-03-10T17:21:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-11358"], "description": "Django is prone to a vulnerability in the bundled jQuery.", "modified": "2020-03-06T00:00:00", "published": "2019-06-26T00:00:00", "id": "OPENVAS:1361412562310142509", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310142509", "type": "openvas", "title": "Django jQuery Vulnerability (Windows)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:djangoproject:django\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.142509\");\n script_version(\"2020-03-06T09:37:40+0000\");\n script_tag(name:\"last_modification\", value:\"2020-03-06 09:37:40 +0000 (Fri, 06 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-06-26 06:11:17 +0000 (Wed, 26 Jun 2019)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_cve_id(\"CVE-2019-11358\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Django jQuery Vulnerability (Windows)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_django_detect_win.nasl\");\n script_mandatory_keys(\"django/windows/detected\");\n\n script_tag(name:\"summary\", value:\"Django is prone to a vulnerability in the bundled jQuery.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"jQuery before 3.4.0, mishandles 'jQuery.extend(true, {}, ...)' because of\n 'Object.prototype' pollution. If an unsanitized source object contained an enumerable '__proto__' property, it\n could extend the native 'Object.prototype'.\");\n\n script_tag(name:\"affected\", value:\"Django versions 2.1 before 2.1.9 and 2.2 before 2.2.2.\");\n\n script_tag(name:\"solution\", value:\"Update to version 2.1.9, 2.2.2 or later.\");\n\n script_xref(name:\"URL\", value:\"https://www.openwall.com/lists/oss-security/2019/06/03/2\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!infos = get_app_version_and_location(cpe: CPE, exit_no_version: TRUE))\n exit(0);\n\nversion = infos['version'];\nlocation = infos['location'];\n\nif (version_in_range(version: version, test_version: \"2.1\", test_version2: \"2.1.8\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"2.1.9\", install_path: location);\n security_message(port: 0, data: report);\n exit(0);\n}\n\nif (version_in_range(version: version, test_version: \"2.2\", test_version2: \"2.2.1\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"2.2.2\", install_path: location);\n security_message(port: 0, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:32:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-11358", "CVE-2019-5428"], "description": "jQuery is prone to multiple vulnerabilities regarding property injection in\n Object.prototype.", "modified": "2019-04-25T00:00:00", "published": "2019-04-25T00:00:00", "id": "OPENVAS:1361412562310142314", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310142314", "type": "openvas", "title": "jQuery < 3.4.0 Object Extensions Vulnerability", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:jquery:jquery\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.142314\");\n script_version(\"2019-04-25T15:35:18+0000\");\n script_tag(name:\"last_modification\", value:\"2019-04-25 15:35:18 +0000 (Thu, 25 Apr 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-04-25 15:17:31 +0000 (Thu, 25 Apr 2019)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_cve_id(\"CVE-2019-5428\", \"CVE-2019-11358\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\"); # Patches for lower versions available and likely to be applied\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"jQuery < 3.4.0 Object Extensions Vulnerability\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_jquery_detect.nasl\");\n script_mandatory_keys(\"jquery/detected\");\n\n script_tag(name:\"summary\", value:\"jQuery is prone to multiple vulnerabilities regarding property injection in\n Object.prototype.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"jQuery is prone to multiple vulnerabilities:\n\n - A prototype pollution vulnerability exists that allows an attacker to inject properties on Object.prototype.\n (CVE-2019-5428)\n\n - jQuery mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source\n object contained an enumerable __proto__ property, it could extend the native Object.prototype. (CVE-2019-11358)\");\n\n script_tag(name:\"affected\", value:\"jQuery prior to version 3.4.0.\");\n\n script_tag(name:\"solution\", value:\"Update to version 3.4.0 or later. Patch diffs are available for older versions.\");\n\n script_xref(name:\"URL\", value:\"https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/\");\n script_xref(name:\"URL\", value:\"https://github.com/DanielRuf/snyk-js-jquery-174006?files=1\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))\n exit(0);\n\nversion = infos['version'];\npath = infos['location'];\n\nif (version_is_less(version: version, test_version: \"3.4.0\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"3.4.0\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "drupal": [{"lastseen": "2019-05-31T19:27:25", "bulletinFamily": "software", "cvelist": ["CVE-2019-11358"], "description": "Project: \n\nDrupal core\n\nDate: \n\n2019-April-17\n\nSecurity risk: \n\n**Moderately critical** 10\u221525 AC:Complex/A:Admin/CI:Some/II:Some/E:Theoretical/TD:Uncommon\n\nVulnerability: \n\nCross Site Scripting\n\nCVE IDs: \n\nCVE-2019-11358\n\nDescription: \n\nThe jQuery project released version 3.4.0, and as part of that, disclosed a security vulnerability that affects all prior versions. As described in their [release notes](<https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/>):\n\n> jQuery 3.4.0 includes a fix for some unintended behavior when using jQuery.extend(true, {}, ...). If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. This fix is included in jQuery 3.4.0, but patch diffs exist to patch previous jQuery versions.\n\nIt's possible that this vulnerability is exploitable with some Drupal modules. As a precaution, this Drupal security release backports the fix to jQuery.extend(), without making any other changes to the jQuery version that is included in Drupal core (3.2.1 for Drupal 8 and 1.4.4 for Drupal 7) or running on the site via some other module such as [jQuery Update](<https://www.drupal.org/project/jquery_update>).\n\n_2019-04-22, edited to add CVE._\n\nSolution: \n\nInstall the latest version:\n\n * If you are using Drupal 8.6, update to [Drupal 8.6.15](<https://www.drupal.org/project/drupal/releases/8.6.15>).\n * If you are using Drupal 8.5 or earlier, update to [Drupal 8.5.15](<https://www.drupal.org/project/drupal/releases/8.5.15>).\n * If you are using Drupal 7, update to [Drupal 7.66](<https://www.drupal.org/project/drupal/releases/7.66>).\n\nVersions of Drupal 8 prior to 8.5.x are end-of-life and do not receive security coverage.\n\nAlso see the [Drupal core](<https://www.drupal.org/project/drupal>) project page.\n\n### Additional information\n\nAll advisories released today:\n\n * [SA-CORE-2019-005](<https://www.drupal.org/sa-core-2019-005>)\n * [SA-CORE-2019-006](<https://www.drupal.org/sa-core-2019-006>)\n\nUpdating to the latest Drupal core release will apply the fixes for all the above advisories.\n\nReported By: \n\n * [dtv_rb ](<https://www.drupal.org/user/3528196>)\n * [Jess ](<https://www.drupal.org/user/65776>) of the Drupal Security Team\n\nFixed By: \n\n * [Alex Bronstein ](<https://www.drupal.org/user/78040>) of the Drupal Security Team\n * [Lee Rowlands ](<https://www.drupal.org/user/395439>) of the Drupal Security Team\n * [Jess ](<https://www.drupal.org/user/65776>) of the Drupal Security Team\n * [Lauri Eskola ](<https://www.drupal.org/user/1078742>)\n * [Greg Knaddison ](<https://www.drupal.org/user/36762>) of the Drupal Security Team\n * [Neil Drumm ](<https://www.drupal.org/user/3064>) of the Drupal Security Team\n * [Samuel Mortenson ](<https://www.drupal.org/user/2582268>) of the Drupal Security Team\n", "modified": "2019-04-17T00:00:00", "published": "2019-04-17T00:00:00", "id": "DRUPAL-SA-CORE-2019-006", "href": "https://www.drupal.org/sa-core-2019-006", "type": "drupal", "title": "Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2019-006\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "typo3": [{"lastseen": "2020-12-24T13:21:17", "bulletinFamily": "software", "cvelist": ["CVE-2019-11358"], "description": "jQuery before 3.4.0 mishandles _jQuery.extend(true, {}, ...)_ because of _Object.prototype_ pollution. If an unsanitized source object contained an enumerable ___proto___ property, it could extend the native Object.prototype.\n", "modified": "2019-05-07T00:00:00", "published": "2019-05-07T00:00:00", "id": "TYPO3-PSA-2019-004", "href": "https://typo3.org/security/advisory/typo3-psa-2019-004", "type": "typo3", "title": "Cross-Site Scripting in jQuery before 3.4.0", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "redhat": [{"lastseen": "2020-04-06T09:39:43", "bulletinFamily": "unix", "cvelist": ["CVE-2019-11358"], "description": "python-XStatic-jQuery is the jQuery javascript library packaged for Python's setuptools\n\nSecurity Fix(es):\n\n* prototype pollution in object's prototype leading to denial of service or\nremote code execution or property injection (CVE-2019-11358)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage listed in the References section.", "modified": "2020-04-06T12:48:58", "published": "2020-04-06T12:40:52", "id": "RHSA-2020:1325", "href": "https://access.redhat.com/errata/RHSA-2020:1325", "type": "redhat", "title": "(RHSA-2020:1325) Moderate: python-XStatic-jQuery security update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-16T15:29:27", "bulletinFamily": "unix", "cvelist": ["CVE-2019-11358"], "description": "python-XStatic-jQuery is the jQuery javascript library packaged for\nPython's setuptools\n\nSecurity Fix(es):\n\n* Prototype pollution in object's prototype leading to denial of service\nremote code execution or property injection (CVE-2019-11358)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage listed in the References section.", "modified": "2020-12-16T18:43:54", "published": "2020-12-16T17:57:14", "id": "RHSA-2020:5581", "href": "https://access.redhat.com/errata/RHSA-2020:5581", "type": "redhat", "title": "(RHSA-2020:5581) Moderate: python-XStatic-jQuery security update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-09-05T06:48:04", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10854", "CVE-2019-11358"], "description": "Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components.\n\nSecurity Fix(es):\n\n* cloudforms: stored cross-site scripting in Name field (CVE-2018-10854)\n\n* js-jquery: prototype pollution in object's prototype leading to denial of service or remote code execution or property injection (CVE-2019-11358)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nThis update fixes various bugs and adds enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.", "modified": "2019-09-05T09:21:40", "published": "2019-09-05T09:18:52", "id": "RHSA-2019:2587", "href": "https://access.redhat.com/errata/RHSA-2019:2587", "type": "redhat", "title": "(RHSA-2019:2587) Moderate: CloudForms 4.7.9 security, bug fix and enhancement update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-10-10T16:38:10", "bulletinFamily": "unix", "cvelist": ["CVE-2019-10744", "CVE-2019-11358", "CVE-2019-8331"], "description": "The ovirt-web-ui package provides the web interface for Red Hat Virtualization.\n\nSecurity Fix(es):\n\n* nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties (CVE-2019-10744)\n\n* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)\n\n* js-jquery: prototype pollution in object's prototype leading to denial of service or remote code execution or property injection (CVE-2019-11358)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Known moderate severity security vulnerability detected by GitHub on ovirt-web-ui components (BZ#1694032)", "modified": "2019-10-10T19:28:19", "published": "2019-10-10T18:49:46", "id": "RHSA-2019:3024", "href": "https://access.redhat.com/errata/RHSA-2019:3024", "type": "redhat", "title": "(RHSA-2019:3024) Moderate: ovirt-web-ui security and bug fix update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-10-10T16:38:37", "bulletinFamily": "unix", "cvelist": ["CVE-2016-10735", "CVE-2018-20676", "CVE-2018-20677", "CVE-2019-11358", "CVE-2019-8331"], "description": "The ovirt-engine-ui-extensions package contains UI plugins that provide various extensions to the oVirt administration UI.\n\nSecurity Fix(es):\n\n* bootstrap: XSS in the data-target attribute (CVE-2016-10735)\n\n* bootstrap: XSS in the tooltip data-viewport attribute (CVE-2018-20676)\n\n* bootstrap: XSS in the affix configuration target property (CVE-2018-20677)\n\n* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)\n\n* js-jquery: prototype pollution in object's prototype leading to denial of service or remote code execution or property injection (CVE-2019-11358)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Known moderate severity security vulnerability detected by GitHub on ovirt-engine-ui-extensions components (BZ#1694035)", "modified": "2019-10-10T19:28:16", "published": "2019-10-10T18:49:36", "id": "RHSA-2019:3023", "href": "https://access.redhat.com/errata/RHSA-2019:3023", "type": "redhat", "title": "(RHSA-2019:3023) Moderate: ovirt-engine-ui-extensions security and bug fix update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-07-24T02:02:36", "bulletinFamily": "unix", "cvelist": ["CVE-2019-11252", "CVE-2019-11254", "CVE-2019-11358", "CVE-2020-10749", "CVE-2020-11022", "CVE-2020-11023", "CVE-2020-8558", "CVE-2020-9283"], "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allowed for panic (CVE-2020-9283)\n\n* kubernetes: Denial of service in API server via crafted YAML payloads by authorized users (CVE-2019-11254)\n\n* js-jquery: prototype pollution in object's prototype led to denial of service or remote code execution or property injection (CVE-2019-11358)\n\n* kubernetes: node localhost services reachable via martian packets (CVE-2020-8558)\n\n* containernetworking/plugins: IPv6 router advertisements allowed for MitM attacks on IPv4 clusters (CVE-2020-10749)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n\n* jQuery: passing HTML containing <option> elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-07-24T04:24:13", "published": "2020-07-13T21:07:56", "id": "RHSA-2020:2412", "href": "https://access.redhat.com/errata/RHSA-2020:2412", "type": "redhat", "title": "(RHSA-2020:2412) Moderate: OpenShift Container Platform 4.5 container image security update", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-11-10T10:20:34", "bulletinFamily": "unix", "cvelist": ["CVE-2015-9251", "CVE-2016-10735", "CVE-2018-14040", "CVE-2018-14042", "CVE-2018-20676", "CVE-2018-20677", "CVE-2019-11358", "CVE-2019-8331", "CVE-2020-11022", "CVE-2020-1722"], "description": "Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. \n\nThe following packages have been upgraded to a later upstream version: ipa (4.8.7), softhsm (2.6.0), opendnssec (2.1.6). (BZ#1759888, BZ#1818765, BZ#1818877)\n\nSecurity Fix(es):\n\n* js-jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)\n\n* bootstrap: XSS in the data-target attribute (CVE-2016-10735)\n\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)\n\n* bootstrap: XSS in the tooltip data-viewport attribute (CVE-2018-20676)\n\n* bootstrap: XSS in the affix configuration target property (CVE-2018-20677)\n\n* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)\n\n* js-jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n\n* ipa: No password length restriction leads to denial of service (CVE-2020-1722)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.", "modified": "2020-11-04T05:01:39", "published": "2020-11-03T17:25:36", "id": "RHSA-2020:4670", "href": "https://access.redhat.com/errata/RHSA-2020:4670", "type": "redhat", "title": "(RHSA-2020:4670) Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update", "cvss": {"score": 5.4, "vector": "AV:N/AC:H/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-10-07T18:04:54", "bulletinFamily": "unix", "cvelist": ["CVE-2015-9251", "CVE-2016-10735", "CVE-2018-14040", "CVE-2018-14042", "CVE-2018-20676", "CVE-2018-20677", "CVE-2019-11358", "CVE-2019-8331", "CVE-2020-11022", "CVE-2020-1722"], "description": "Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.\n\nThe following packages have been upgraded to a later upstream version: ipa (4.6.8). (BZ#1819725)\n\nSecurity Fix(es):\n\n* js-jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)\n\n* bootstrap: XSS in the data-target attribute (CVE-2016-10735)\n\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip. (CVE-2018-14042)\n\n* bootstrap: XSS in the tooltip data-viewport attribute (CVE-2018-20676)\n\n* bootstrap: XSS in the affix configuration target property (CVE-2018-20677)\n\n* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)\n\n* js-jquery: prototype pollution in object's prototype leading to denial of service or remote code execution or property injection (CVE-2019-11358)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n\n* ipa: No password length restriction leads to denial of service (CVE-2020-1722)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.", "modified": "2020-09-29T13:41:26", "published": "2020-09-29T11:44:46", "id": "RHSA-2020:3936", "href": "https://access.redhat.com/errata/RHSA-2020:3936", "type": "redhat", "title": "(RHSA-2020:3936) Moderate: ipa security, bug fix, and enhancement update", "cvss": {"score": 5.4, "vector": "AV:N/AC:H/Au:N/C:N/I:N/A:C"}}], "nessus": [{"lastseen": "2020-09-14T18:12:20", "description": "The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in\nthe RHSA-2020:1325 advisory.\n\n - js-jquery: prototype pollution in object's prototype\n leading to denial of service or remote code execution or\n property injection (CVE-2019-11358)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 3, "cvss3": {"score": 6.1, "vector": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "published": "2020-04-07T00:00:00", "title": "RHEL 8 : python-XStatic-jQuery (RHSA-2020:1325)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-11358"], "modified": "2020-04-07T00:00:00", "cpe": ["cpe:/a:redhat:openstack:15::el8", "cpe:/a:redhat:openstack:15", "p-cpe:/a:redhat:enterprise_linux:python3-XStatic-jQuery", "cpe:/o:redhat:enterprise_linux:8"], "id": "REDHAT-RHSA-2020-1325.NASL", "href": "https://www.tenable.com/plugins/nessus/135256", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:1325. The text\n# itself is copyright (C) Red Hat, Inc.\n#\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135256);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/04/21\");\n\n script_cve_id(\"CVE-2019-11358\");\n script_bugtraq_id(108023);\n script_xref(name:\"RHSA\", value:\"2020:1325\");\n\n script_name(english:\"RHEL 8 : python-XStatic-jQuery (RHSA-2020:1325)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in\nthe RHSA-2020:1325 advisory.\n\n - js-jquery: prototype pollution in object's prototype\n leading to denial of service or remote code execution or\n property injection (CVE-2019-11358)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/79.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:1325\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11358\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected python3-XStatic-jQuery package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11358\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openstack:15\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openstack:15::el8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-XStatic-jQuery\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\npkgs = [\n {'reference':'python3-XStatic-jQuery-3.4.1.0-1.el8ost', 'release':'8', 'el_string':'el8ost', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (reference && release) {\n if (rpm_spec_vers_cmp) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:TRUE)) flag++;\n }\n else\n {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python3-XStatic-jQuery');\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-03-01T02:33:47", "description": "- https://www.drupal.org/project/drupal/releases/7.66\n\n - https://www.drupal.org/SA-CORE-2019-006\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 19, "cvss3": {"score": 6.1, "vector": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "published": "2019-05-09T00:00:00", "title": "Fedora 30 : drupal7 (2019-2a0ce0c58c)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-11358"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:30", "p-cpe:/a:fedoraproject:fedora:drupal7"], "id": "FEDORA_2019-2A0CE0C58C.NASL", "href": "https://www.tenable.com/plugins/nessus/124699", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-2a0ce0c58c.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124699);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/21\");\n\n script_cve_id(\"CVE-2019-11358\");\n script_xref(name:\"FEDORA\", value:\"2019-2a0ce0c58c\");\n\n script_name(english:\"Fedora 30 : drupal7 (2019-2a0ce0c58c)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"- https://www.drupal.org/project/drupal/releases/7.66\n\n - https://www.drupal.org/SA-CORE-2019-006\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-2a0ce0c58c\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.drupal.org/SA-CORE-2019-006\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected drupal7 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:drupal7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"drupal7-7.66-1.fc30\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"drupal7\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-12T09:42:09", "description": "It was discovered that the jQuery version embedded in OTRS, a ticket\nrequest system, was prone to a cross site scripting vulnerability in\njQuery.extend().\n\nFor Debian 8 'Jessie', this problem has been fixed in version\n3.3.18-1+deb8u14.\n\nWe recommend that you upgrade your otrs2 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 4, "cvss3": {"score": 6.1, "vector": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "published": "2020-02-25T00:00:00", "title": "Debian DLA-2118-1 : otrs2 security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-11358"], "modified": "2020-02-25T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:otrs2", "cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:otrs"], "id": "DEBIAN_DLA-2118.NASL", "href": "https://www.tenable.com/plugins/nessus/133967", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2118-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133967);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2019-11358\");\n\n script_name(english:\"Debian DLA-2118-1 : otrs2 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the jQuery version embedded in OTRS, a ticket\nrequest system, was prone to a cross site scripting vulnerability in\njQuery.extend().\n\nFor Debian 8 'Jessie', this problem has been fixed in version\n3.3.18-1+deb8u14.\n\nWe recommend that you upgrade your otrs2 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/otrs2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected otrs, and otrs2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:otrs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:otrs2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"otrs\", reference:\"3.3.18-1+deb8u14\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"otrs2\", reference:\"3.3.18-1+deb8u14\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-22T05:50:43", "description": "The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in\nthe RHSA-2020:5581 advisory.\n\n - jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or\n property injection (CVE-2019-11358)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 2, "cvss3": {"score": 6.1, "vector": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "published": "2020-12-18T00:00:00", "title": "RHEL 7 : python-XStatic-jQuery (RHSA-2020:5581)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-11358"], "modified": "2020-12-18T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:python-XStatic-jQuery", "cpe:/a:redhat:openstack:13", "cpe:/o:redhat:enterprise_linux:7", "cpe:/a:redhat:openstack:13::el7"], "id": "REDHAT-RHSA-2020-5581.NASL", "href": "https://www.tenable.com/plugins/nessus/144388", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:5581. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144388);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/21\");\n\n script_cve_id(\"CVE-2019-11358\");\n script_bugtraq_id(108023);\n script_xref(name:\"RHSA\", value:\"2020:5581\");\n\n script_name(english:\"RHEL 7 : python-XStatic-jQuery (RHSA-2020:5581)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in\nthe RHSA-2020:5581 advisory.\n\n - jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or\n property injection (CVE-2019-11358)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/79.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11358\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:5581\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1701972\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected python-XStatic-jQuery package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11358\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openstack:13\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openstack:13::el7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-XStatic-jQuery\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'openstack_13_el7': [\n 'rhel-7-desktop-openstack-13-tools-debug-rpms',\n 'rhel-7-desktop-openstack-13-tools-rpms',\n 'rhel-7-desktop-openstack-13-tools-source-rpms',\n 'rhel-7-server-openstack-13-debug-rpms',\n 'rhel-7-server-openstack-13-deployment-tools-debug-rpms',\n 'rhel-7-server-openstack-13-deployment-tools-rpms',\n 'rhel-7-server-openstack-13-deployment-tools-source-rpms',\n 'rhel-7-server-openstack-13-devtools-debug-rpms',\n 'rhel-7-server-openstack-13-devtools-rpms',\n 'rhel-7-server-openstack-13-devtools-source-rpms',\n 'rhel-7-server-openstack-13-eus-debug-rpms',\n 'rhel-7-server-openstack-13-eus-rpms',\n 'rhel-7-server-openstack-13-eus-source-rpms',\n 'rhel-7-server-openstack-13-octavia-debug-rpms',\n 'rhel-7-server-openstack-13-octavia-eus-debug-rpms',\n 'rhel-7-server-openstack-13-octavia-eus-rpms',\n 'rhel-7-server-openstack-13-octavia-eus-source-rpms',\n 'rhel-7-server-openstack-13-octavia-rpms',\n 'rhel-7-server-openstack-13-octavia-source-rpms',\n 'rhel-7-server-openstack-13-rpms',\n 'rhel-7-server-openstack-13-source-rpms',\n 'rhel-7-server-openstack-13-tools-debug-rpms',\n 'rhel-7-server-openstack-13-tools-rpms',\n 'rhel-7-server-openstack-13-tools-source-rpms',\n 'rhel-7-workstation-openstack-13-tools-debug-rpms',\n 'rhel-7-workstation-openstack-13-tools-rpms',\n 'rhel-7-workstation-openstack-13-tools-source-rpms'\n ]\n};\n\nfound_repos = NULL;\nhost_repo_list = get_kb_list('Host/RedHat/repo-list/*');\nif (!(empty_or_null(host_repo_list))) {\n found_repos = make_list();\n foreach repo_key (keys(repositories)) {\n foreach repo ( repositories[repo_key] ) {\n if (get_kb_item('Host/RedHat/repo-list/' + repo)) {\n append_element(var:found_repos, value:repo_key);\n break;\n }\n }\n }\n if(empty_or_null(found_repos)) audit(AUDIT_RHSA_NOT_AFFECTED, 'RHSA-2020:5581');\n}\n\npkgs = [\n {'reference':'python-XStatic-jQuery-2.2.4.1-3.el7ost', 'release':'7', 'el_string':'el7ost', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openstack_13_el7']}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = FALSE;\n if (empty_or_null(found_repos))\n {\n repocheck = TRUE;\n }\n else\n {\n foreach repo (repo_list) {\n if (contains_element(var:found_repos, value:repo))\n {\n repocheck = TRUE;\n break;\n }\n }\n }\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n if (empty_or_null(host_repo_list)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python-XStatic-jQuery');\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-03-01T03:35:36", "description": "The version of JQuery library hosted on the remote web\nserver is prior to 3.4.0. It is, therefore, affected by\nan object pollution vulnerability in \njQuery.extend(true, {}, ...) because of Object.prototype\npollution. If an unsanitized source object contained an\nenumerable __proto__ property, it could extend the native\nObject.prototype.", "edition": 19, "cvss3": {"score": 6.1, "vector": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "published": "2019-05-10T00:00:00", "title": "JQuery < 3.4.0 Object Prototype Pollution Vulnerability", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-11358"], "modified": "2021-03-02T00:00:00", "cpe": [], "id": "JQUERY_3_4_0.NASL", "href": "https://www.tenable.com/plugins/nessus/124719", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124719);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/10/30 13:24:46\");\n\n script_cve_id(\"CVE-2019-11358\");\n script_bugtraq_id(108023);\n\n script_name(english:\"JQuery < 3.4.0 Object Prototype Pollution Vulnerability\");\n script_summary(english:\"Checks the version of JQuery.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by an object pollution \nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of JQuery library hosted on the remote web\nserver is prior to 3.4.0. It is, therefore, affected by\nan object pollution vulnerability in \njQuery.extend(true, {}, ...) because of Object.prototype\npollution. If an unsanitized source object contained an\nenumerable __proto__ property, it could extend the native\nObject.prototype.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to JQuery version 3.4.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11358\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/10\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"jquery_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"Settings/ParanoidReport\", \"installed_sw/jquery\");\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"vcf.inc\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nappname = 'jquery';\nget_install_count(app_name:appname, exit_if_zero:TRUE);\nport = get_http_port(default:80);\napp_info = vcf::get_app_info(app:appname, port:port, webapp:TRUE);\n\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\nconstraints = [{'fixed_version':'3.4.0'}];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-03-01T02:39:19", "description": "- https://www.drupal.org/project/drupal/releases/7.66\n\n - https://www.drupal.org/SA-CORE-2019-006\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 19, "cvss3": {"score": 6.1, "vector": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "published": "2019-05-09T00:00:00", "title": "Fedora 29 : drupal7 (2019-a06dffab1c)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-11358"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:29", "p-cpe:/a:fedoraproject:fedora:drupal7"], "id": "FEDORA_2019-A06DFFAB1C.NASL", "href": "https://www.tenable.com/plugins/nessus/124700", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-a06dffab1c.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124700);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/21\");\n\n script_cve_id(\"CVE-2019-11358\");\n script_xref(name:\"FEDORA\", value:\"2019-a06dffab1c\");\n\n script_name(english:\"Fedora 29 : drupal7 (2019-a06dffab1c)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"- https://www.drupal.org/project/drupal/releases/7.66\n\n - https://www.drupal.org/SA-CORE-2019-006\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-a06dffab1c\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.drupal.org/SA-CORE-2019-006\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected drupal7 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:drupal7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"drupal7-7.66-1.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"drupal7\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-03-01T02:40:53", "description": "- https://www.drupal.org/project/drupal/releases/7.66\n\n - https://www.drupal.org/SA-CORE-2019-006\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 19, "cvss3": {"score": 6.1, "vector": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "published": "2019-05-09T00:00:00", "title": "Fedora 28 : drupal7 (2019-f563e66380)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-11358"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:drupal7", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2019-F563E66380.NASL", "href": "https://www.tenable.com/plugins/nessus/124703", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-f563e66380.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124703);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/21\");\n\n script_cve_id(\"CVE-2019-11358\");\n script_xref(name:\"FEDORA\", value:\"2019-f563e66380\");\n\n script_name(english:\"Fedora 28 : drupal7 (2019-f563e66380)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"- https://www.drupal.org/project/drupal/releases/7.66\n\n - https://www.drupal.org/SA-CORE-2019-006\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-f563e66380\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.drupal.org/SA-CORE-2019-006\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected drupal7 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:drupal7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"drupal7-7.66-1.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"drupal7\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-12T09:40:45", "description": "Several security vulnerabilities have been discovered in drupal7, a\nPHP website platform. The vulnerabilities affect the embedded\nversions of the jQuery JavaScript library and the Typo3 Phar Stream\nWrapper library.\n\nCVE-2019-11358\n\nIt was discovered that the jQuery version embedded in Drupal was prone\nto a cross site scripting vulnerability in jQuery.extend().\n\nFor additional information, please refer to the upstream\nadvisory at https://www.drupal.org/sa-core-2019-006.\n\nCVE-2019-11831\n\nIt was discovered that incomplete validation in a Phar processing\nlibrary embedded in Drupal, a fully-featured content management\nframework, could result in information disclosure.\n\nFor additional information, please refer to the upstream\nadvisory at https://www.drupal.org/sa-core-2019-007.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n7.32-1+deb8u17.\n\nWe recommend that you upgrade your drupal7 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 16, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-05-21T00:00:00", "title": "Debian DLA-1797-1 : drupal7 security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-11358", "CVE-2019-11831"], "modified": "2019-05-21T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:drupal7"], "id": "DEBIAN_DLA-1797.NASL", "href": "https://www.tenable.com/plugins/nessus/125298", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1797-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125298);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2019-11358\", \"CVE-2019-11831\");\n\n script_name(english:\"Debian DLA-1797-1 : drupal7 security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several security vulnerabilities have been discovered in drupal7, a\nPHP website platform. The vulnerabilities affect the embedded\nversions of the jQuery JavaScript library and the Typo3 Phar Stream\nWrapper library.\n\nCVE-2019-11358\n\nIt was discovered that the jQuery version embedded in Drupal was prone\nto a cross site scripting vulnerability in jQuery.extend().\n\nFor additional information, please refer to the upstream\nadvisory at https://www.drupal.org/sa-core-2019-006.\n\nCVE-2019-11831\n\nIt was discovered that incomplete validation in a Phar processing\nlibrary embedded in Drupal, a fully-featured content management\nframework, could result in information disclosure.\n\nFor additional information, please refer to the upstream\nadvisory at https://www.drupal.org/sa-core-2019-007.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n7.32-1+deb8u17.\n\nWe recommend that you upgrade your drupal7 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/drupal7\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.drupal.org/sa-core-2019-006\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.drupal.org/sa-core-2019-007\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected drupal7 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:drupal7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"drupal7\", reference:\"7.32-1+deb8u17\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-26T14:27:22", "description": "According to its self-reported version, the Tenable SecurityCenter\napplication installed on the remote host is earlier than 5.14.0. It is,\ntherefore, affected by multiple vulnerabilities.\n\nNote that Nessus has not tested for these issues nor the stand-alone\npatch but has instead relied only on the application's self-reported\nversion number.", "edition": 2, "cvss3": {"score": 6.1, "vector": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "published": "2021-02-19T00:00:00", "title": "Tenable SecurityCenter < 5.14.0 Multiple Vulnerabilities (TNS-2020-02)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-11358", "CVE-2020-5737"], "modified": "2021-02-19T00:00:00", "cpe": ["cpe:/a:tenable:securitycenter"], "id": "SECURITYCENTER_5_14_0_TNS_2020_02.NASL", "href": "https://www.tenable.com/plugins/nessus/146621", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146621);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/25\");\n\n script_cve_id(\"CVE-2019-11358\", \"CVE-2020-5737\");\n\n script_name(english:\"Tenable SecurityCenter < 5.14.0 Multiple Vulnerabilities (TNS-2020-02)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, the Tenable SecurityCenter\napplication installed on the remote host is earlier than 5.14.0. It is,\ntherefore, affected by multiple vulnerabilities.\n\nNote that Nessus has not tested for these issues nor the stand-alone\npatch but has instead relied only on the application's self-reported\nversion number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.tenable.com/security/tns-2020-02\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Tenable SecurityCenter version 5.14.0 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11358\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:tenable:securitycenter\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"securitycenter_installed.nbin\", \"securitycenter_detect.nbin\");\n script_require_ports(\"Host/SecurityCenter/Version\", \"installed_sw/SecurityCenter\");\n\n exit(0);\n}\n\ninclude('vcf_extras.inc');\n\nport = get_http_port(default:443, dont_exit:TRUE);\napp_info = vcf::tenable_sc::get_app_info(port:port);\n\nconstraints = [\n {'fixed_version':'5.14.0', 'fixed_display':'5.14.1'}\n];\n\nvcf::check_version_and_report(\n app_info:app_info, \n constraints:constraints, \n severity:SECURITY_WARNING\n);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-03-01T03:00:43", "description": "Django security releases issued :\n\nThe clickable 'Current URL' link generated by AdminURLFieldWidget\ndisplayed the provided value without validating it as a safe URL.\nThus, an unvalidated value stored in the database, or a value provided\nas a URL query parameter payload, could result in an clickable\nJavaScript link..\n\njQuery before 3.4.0, mishandles jQuery.extend(true, {}, ...) because\nof Object.prototype pollution. If an unsanitized source object\ncontained an enumerable __proto__ property, it could extend the native\nObject.prototype.", "edition": 20, "cvss3": {"score": 6.1, "vector": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "published": "2019-06-07T00:00:00", "title": "FreeBSD : Django -- AdminURLFieldWidget XSS (ffc73e87-87f0-11e9-ad56-fcaa147e860e)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-11358", "CVE-2019-12308"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:py35-django111", "p-cpe:/a:freebsd:freebsd:py37-django111", "p-cpe:/a:freebsd:freebsd:py36-django111", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:py35-django21", "p-cpe:/a:freebsd:freebsd:py37-django22", "p-cpe:/a:freebsd:freebsd:py36-django21", "p-cpe:/a:freebsd:freebsd:py36-django22", "p-cpe:/a:freebsd:freebsd:py27-django111", "p-cpe:/a:freebsd:freebsd:py35-django22", "p-cpe:/a:freebsd:freebsd:py37-django21"], "id": "FREEBSD_PKG_FFC73E8787F011E9AD56FCAA147E860E.NASL", "href": "https://www.tenable.com/plugins/nessus/125750", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2020 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125750);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/10\");\n\n script_cve_id(\"CVE-2019-11358\", \"CVE-2019-12308\");\n\n script_name(english:\"FreeBSD : Django -- AdminURLFieldWidget XSS (ffc73e87-87f0-11e9-ad56-fcaa147e860e)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Django security releases issued :\n\nThe clickable 'Current URL' link generated by AdminURLFieldWidget\ndisplayed the provided value without validating it as a safe URL.\nThus, an unvalidated value stored in the database, or a value provided\nas a URL query parameter payload, could result in an clickable\nJavaScript link..\n\njQuery before 3.4.0, mishandles jQuery.extend(true, {}, ...) because\nof Object.prototype pollution. If an unsanitized source object\ncontained an enumerable __proto__ property, it could extend the native\nObject.prototype.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.djangoproject.com/weblog/2019/jun/03/security-releases/\"\n );\n # https://vuxml.freebsd.org/freebsd/ffc73e87-87f0-11e9-ad56-fcaa147e860e.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3604114a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:py27-django111\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:py35-django111\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:py35-django21\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:py35-django22\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:py36-django111\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:py36-django21\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:py36-django22\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:py37-django111\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:py37-django21\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:py37-django22\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"py27-django111<1.11.21\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"py35-django111<1.11.21\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"py36-django111<1.11.21\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"py37-django111<1.11.21\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"py35-django21<2.1.9\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"py36-django21<2.1.9\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"py37-django21<2.1.9\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"py35-django22<2.2.2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"py36-django22<2.2.2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"py37-django22<2.2.2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "freebsd": [{"lastseen": "2019-06-06T06:41:40", "bulletinFamily": "unix", "cvelist": ["CVE-2019-11358", "CVE-2019-12308"], "description": "\nDjango security releases issued:\n\nThe clickable \"Current URL\" link generated by AdminURLFieldWidget displayed the\n\t provided value without validating it as a safe URL. Thus, an unvalidated value stored\n\t in the database, or a value provided as a URL query parameter payload, could result\n\t in an clickable JavaScript link..\njQuery before 3.4.0, mishandles jQuery.extend(true, {}, ...) because of Object.prototype\n\t pollution. If an unsanitized source object contained an enumerable __proto__ property,\n\t it could extend the native Object.prototype.\n\n", "edition": 1, "modified": "2019-06-03T00:00:00", "published": "2019-06-03T00:00:00", "id": "FFC73E87-87F0-11E9-AD56-FCAA147E860E", "href": "https://vuxml.freebsd.org/freebsd/ffc73e87-87f0-11e9-ad56-fcaa147e860e.html", "title": "Django -- AdminURLFieldWidget XSS", "type": "freebsd", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-07-19T23:41:40", "bulletinFamily": "unix", "cvelist": ["CVE-2019-11358", "CVE-2019-12472", "CVE-2019-12474", "CVE-2019-12471", "CVE-2019-12473", "CVE-2019-12470", "CVE-2019-12467", "CVE-2019-12466", "CVE-2019-12469", "CVE-2019-12468"], "description": "\nMediawiki reports:\n\nSecurity fixes:\n\t T197279, CVE-2019-12468: Directly POSTing to Special:ChangeEmail would allow\n\t for bypassing reauthentication, allowing for potential account takeover.\n\t T204729, CVE-2019-12473: Passing invalid titles to the API could cause a DoS\n\t by querying the entire `watchlist` table.\n\t T207603, CVE-2019-12471: Loading user JavaScript from a non-existent account\n\t allows anyone to create the account, and XSS the users' loading that script.\n\t T208881: blacklist CSS var().\n\t T199540, CVE-2019-12472: It is possible to bypass the limits on IP range\n\t blocks (`$wgBlockCIDRLimit`) by using the API.\n\t T212118, CVE-2019-12474: Privileged API responses that include whether a\n\t recent change has been patrolled may be cached publicly.\n\t T209794, CVE-2019-12467: A spammer can use Special:ChangeEmail to send out\n\t spam with no rate limiting or ability to block them.\n\t T25227, CVE-2019-12466: An account can be logged out without using a token(CRRF)\n\t T222036, CVE-2019-12469: Exposed suppressed username or log in Special:EditTags.\n\t T222038, CVE-2019-12470: Exposed suppressed log in RevisionDelete page.\n\t T221739, CVE-2019-11358: Fix potential XSS in jQuery.\n\n", "edition": 3, "modified": "2019-04-23T00:00:00", "published": "2019-04-23T00:00:00", "id": "3C5A4FE0-9EBB-11E9-9169-FCAA147E860E", "href": "https://vuxml.freebsd.org/freebsd/3c5a4fe0-9ebb-11e9-9169-fcaa147e860e.html", "title": "mediawiki -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "archlinux": [{"lastseen": "2020-09-22T18:36:40", "bulletinFamily": "unix", "cvelist": ["CVE-2019-11358", "CVE-2019-12308"], "description": "Arch Linux Security Advisory ASA-201906-2\n=========================================\n\nSeverity: Medium\nDate : 2019-06-04\nCVE-ID : CVE-2019-11358 CVE-2019-12308\nPackage : python-django\nType : cross-site scripting\nRemote : Yes\nLink : https://security.archlinux.org/AVG-969\n\nSummary\n=======\n\nThe package python-django before version 2.2.2-1 is vulnerable to\ncross-site scripting.\n\nResolution\n==========\n\nUpgrade to 2.2.2-1.\n\n# pacman -Syu \"python-django>=2.2.2-1\"\n\nThe problems have been fixed upstream in version 2.2.2.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2019-11358 (cross-site scripting)\n\njQuery before 3.4.0, mishandles jQuery.extend(true, {}, ...) because of\nObject.prototype pollution. If an unsanitized source object contained\nan enumerable __proto__ property, it could extend the native\nObject.prototype.\n\nThe bundled version of jQuery used by the Django admin has been patched\nto allow for the select2 library's use of jQuery.extend().\n\n- CVE-2019-12308 (cross-site scripting)\n\nThe clickable \"Current URL\" link generated by AdminURLFieldWidget\ndisplayed the provided value without validating it as a safe URL. Thus,\nan unvalidated value stored in the database, or a value provided as a\nURL query parameter payload, could result in an clickable JavaScript\nlink.\n\nAdminURLFieldWidget now validates the provided value using URLValidator\nbefore displaying the clickable link. You may customise the validator\nby passing a validator_class kwarg to AdminURLFieldWidget.__init__(),\ne.g. when using ModelAdmin.formfield_overrides.\n\nImpact\n======\n\nA remote attacker is able to execute javascript and create html content\nin the admin view or by extending the native Object.prototype via\njQuery.extend.\n\nReferences\n==========\n\nhttps://www.djangoproject.com/weblog/2019/jun/03/security-releases/\nhttps://github.com/django/django/commit/baaf187a4e354bf3976c51e2c83a0d2f8ee6e6ad\nhttps://github.com/django/django/commit/afddabf8428ddc89a332f7a78d0d21eaf2b5a673\nhttps://github.com/django/django/commit/c238701859a52d584f349cce15d56c8e8137c52b\nhttps://security.archlinux.org/CVE-2019-11358\nhttps://security.archlinux.org/CVE-2019-12308", "modified": "2019-06-04T00:00:00", "published": "2019-06-04T00:00:00", "id": "ASA-201906-2", "href": "https://security.archlinux.org/ASA-201906-2", "type": "archlinux", "title": "[ASA-201906-2] python-django: cross-site scripting", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "suse": [{"lastseen": "2019-08-08T22:31:11", "bulletinFamily": "unix", "cvelist": ["CVE-2019-11358", "CVE-2019-14233", "CVE-2019-14235", "CVE-2019-12781", "CVE-2019-14234", "CVE-2019-12308", "CVE-2019-14232"], "description": "This update for python-Django fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-11358: Fixed prototype pollution.\n - CVE-2019-12308: Fixed XSS in AdminURLFieldWidget (bsc#1136468)\n - CVE-2019-12781: Fixed incorrect HTTP detection with reverse-proxy\n connecting via HTTPS (bsc#1139945).\n - CVE-2019-14232: Fixed denial-of-service possibility in\n ``django.utils.text.Truncator`` (bsc#1142880).\n - CVE-2019-14233: Fixed denial-of-service possibility in ``strip_tags()``\n (bsc#1142882).\n - CVE-2019-14234: Fixed SQL injection possibility in key and index lookups\n for ``JSONField``/``HStoreField`` (bsc#1142883).\n - CVE-2019-14235: Fixed potential memory exhaustion in\n ``django.utils.encoding.uri_to_iri()`` (bsc#1142885).\n\n Non-security issues fixed:\n\n - Fixed a migration crash on PostgreSQL when adding a check constraint\n with a contains lookup on DateRangeField or DateTimeRangeField, if the\n right hand side of an expression is the same type.\n\n", "edition": 1, "modified": "2019-08-08T21:11:27", "published": "2019-08-08T21:11:27", "id": "OPENSUSE-SU-2019:1839-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html", "title": "Security update for python-Django (moderate)", "type": "suse", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-08-14T16:32:07", "bulletinFamily": "unix", "cvelist": ["CVE-2019-11358", "CVE-2019-14233", "CVE-2019-14235", "CVE-2019-12781", "CVE-2019-14234", "CVE-2019-12308", "CVE-2019-14232"], "description": "This update for python-Django fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-11358: Fixed prototype pollution.\n - CVE-2019-12308: Fixed XSS in AdminURLFieldWidget (bsc#1136468)\n - CVE-2019-12781: Fixed incorrect HTTP detection with reverse-proxy\n connecting via HTTPS (bsc#1139945).\n - CVE-2019-14232: Fixed denial-of-service possibility in\n ``django.utils.text.Truncator`` (bsc#1142880).\n - CVE-2019-14233: Fixed denial-of-service possibility in ``strip_tags()``\n (bsc#1142882).\n - CVE-2019-14234: Fixed SQL injection possibility in key and index lookups\n for ``JSONField``/``HStoreField`` (bsc#1142883).\n - CVE-2019-14235: Fixed potential memory exhaustion in\n ``django.utils.encoding.uri_to_iri()`` (bsc#1142885).\n\n Non-security issues fixed:\n\n - Fixed a migration crash on PostgreSQL when adding a check constraint\n with a contains lookup on DateRangeField or DateTimeRangeField, if the\n right hand side of an expression is the same type.\n\n This update was imported from the openSUSE:Leap:15.1:Update update project.\n\n", "edition": 1, "modified": "2019-08-14T15:23:36", "published": "2019-08-14T15:23:36", "id": "OPENSUSE-SU-2019:1872-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html", "title": "Security update for python-Django (moderate)", "type": "suse", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "centos": [{"lastseen": "2020-10-20T23:11:17", "bulletinFamily": "unix", "cvelist": ["CVE-2015-9251", "CVE-2019-11358", "CVE-2020-11022", "CVE-2019-8331", "CVE-2018-20677", "CVE-2018-14042", "CVE-2020-1722", "CVE-2016-10735", "CVE-2018-14040", "CVE-2018-20676"], "description": "**CentOS Errata and Security Advisory** CESA-2020:3936\n\n\nRed Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.\n\nThe following packages have been upgraded to a later upstream version: ipa (4.6.8). (BZ#1819725)\n\nSecurity Fix(es):\n\n* js-jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)\n\n* bootstrap: XSS in the data-target attribute (CVE-2016-10735)\n\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip. (CVE-2018-14042)\n\n* bootstrap: XSS in the tooltip data-viewport attribute (CVE-2018-20676)\n\n* bootstrap: XSS in the affix configuration target property (CVE-2018-20677)\n\n* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)\n\n* js-jquery: prototype pollution in object's prototype leading to denial of service or remote code execution or property injection (CVE-2019-11358)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n\n* ipa: No password length restriction leads to denial of service (CVE-2020-1722)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2020-October/012733.html\n\n**Affected packages:**\nipa-client\nipa-client-common\nipa-common\nipa-python-compat\nipa-server\nipa-server-common\nipa-server-dns\nipa-server-trust-ad\npython2-ipaclient\npython2-ipalib\npython2-ipaserver\n\n**Upstream details at:**\n", "edition": 1, "modified": "2020-10-20T18:15:27", "published": "2020-10-20T18:15:27", "id": "CESA-2020:3936", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2020-October/012733.html", "title": "ipa, python2 security update", "type": "centos", "cvss": {"score": 5.4, "vector": "AV:N/AC:H/Au:N/C:N/I:N/A:C"}}], "oraclelinux": [{"lastseen": "2020-10-07T06:51:40", "bulletinFamily": "unix", "cvelist": ["CVE-2015-9251", "CVE-2019-11358", "CVE-2020-11022", "CVE-2019-8331", "CVE-2018-20677", "CVE-2018-14042", "CVE-2020-1722", "CVE-2016-10735", "CVE-2018-14040", "CVE-2018-20676"], "description": "[4.6.8-5.0.1]\n- Blank out header-logo.png product-name.png\n- Replace login-screen-logo.png [Orabug: 20362818]\n[4.6.8-5.el7]\n- Resolves: #1826659 IPA: Ldap authentication failure due to Kerberos principal expiration UTC timestamp\n - ipa-pwd-extop: use timegm() instead of mktime() to preserve timezone offset\n[4.6.8-4.el7]\n- Resolves: #1842950 ipa-adtrust-install fails when replica is offline\n - ipa-adtrust-install: avoid failure when replica is offline\n- Resolves: #1831856 CVE-2020-11022 ipa: jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method\n - WebUI: Apply jQuery patch to fix htmlPrefilter issue\n[4.6.8-3.el7]\n- Resolves: #1834385 Man page syntax issue detected by rpminspect\n - Man pages: fix syntax issues\n- Resolves: #1829787 ipa service-del deletes the required principal when specified in lower/upper case\n - Make check_required_principal() case-insensitive\n- Resolves: #1825829 ipa-advise on a RHEL7 IdM server generate a configuration script for client having hardcoded python3\n - ipa-advise: fallback to /usr/libexec/platform-python if python3 not found\n- Resolves: #1812020 CVE-2015-9251 ipa: js-jquery: Cross-site scripting via cross-domain ajax requests\n - Web UI: Upgrade jQuery version 2.0.3 -> 3.4.1\n- Resolves: #1713487 CVE-2019-11358 ipa: js-jquery: prototype pollution in objects prototype leading to denial of service or remote code execution or property injection\n - Web UI: Upgrade jQuery version 2.0.3 -> 3.4.1\n[4.6.8-2.el7]\n- Resolves: #1802408 CVE-2020-1722 ipa: No password length restriction leads to denial of service\n - Add interactive prompt for the LDAP bind password to ipa-getkeytab\n - CVE-2020-1722: prevent use of too long passwords\n[4.6.8-1.el7]\n- Resolves: #1819725 - Rebase IPA to latest 4.6.x version\n- Resolves: #1817927 - host-add --password logs cleartext userpassword to Apache error log\n- Resolves: #1817923 - IPA upgrade is failing with error 'Failed to get request: bus, object_path and dbus_interface must not be None.'\n- Resolves: #1817922 - covscan memory leaks report\n- Resolves: #1817919 - Enable compat tree to provide information about AD users and groups on trust agents\n- Resolves: #1817918 - Secure tomcat AJP connector\n- Resolves: #1817886 - ipa group-add-member: prevent adding IPA objects as external members\n- Resolves: #1788718 - ipa-server-install incorrectly setting slew mode (-x) when setting up ntpd\n[4.6.6-12.el7]\n- Resolves: #1754902 - Running ipa-server-install fails when RHEL 7.7 packages are installed on RHEL 7.6\n- Resolves: #1404770 - ID Views: do not allow custom Views for the masters\n - idviews: prevent applying to a master\n- Resolves: #1801791 - Compatibility Schema difference in functionality for systems following RHEL 7.5 -> 7.6 upgrade path as opposed to new RHEL 7.6 systems\n - install/updates: move external members past schema compat update\n- Resolves: #1795890 - ipa-pkinit-manage enable fails on replica if it doesnt host the CA\n - pkinit setup: fix regression on master install\n - pkinit enable: use local dogtag only if host has CA\n- Resolves: #1788907 - Renewed certs are not picked up by IPA CAs\n - Allow an empty cookie in dogtag-ipa-ca-renew-agent-submit\n- Resolves: #1780548 - Man page ipa-cacert-manage does not display correctly on RHEL\n - ipa-cacert-manage man page: fix indentation\n- Resolves: #1782587 - add 'systemctl restart sssd' to warning message when adding trust agents to replicas\n - adtrust.py: mention restarting sssd when adding trust agents\n- Resolves: #1771356 - Default client configuration breaks ssh in FIPS mode\n - Use default ssh host key algorithms\n- Resolves: #1755535 - ipa-advise on a RHEL7 IdM server is not able to generate a configuration script for a RHEL8 IdM client\n - smartcard: make the ipa-advise script compatible with authselect/authconfig\n- Resolves: #1758406 - KRA authentication fails when IPA CA has custom Subject DN\n - upgrade: fix ipakra people entry 'description' attribute\n - krainstance: set correct issuer DN in uid=ipakra entry\n- Resolves: #1756568 - ipa-server-certinstall man page does not match built-in help\n - ipa-server-certinstall manpage: add missing options\n- Resolves: #1206690 - UPG not being enforced properly\n - ipa user_add: do not check group if UPG is disabled\n- Resolves: #1811982 - CVE-2018-14042 ipa: bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip.\n- Resolves: #1811978 - CVE-2018-14040 ipa: bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute\n- Resolves: #1811972 - CVE-2016-10735 ipa: bootstrap: XSS in the data-target attribute\n- Resolves: #1811969 -CVE-2018-20676 ipa: bootstrap: XSS in the tooltip data-viewport attribute\n- Resolves: #1811966 - CVE-2018-20677 ipa: bootstrap: XSS in the affix configuration target property\n- Resolves: #1811962 - CVE-2019-8331 ipa: bootstrap: XSS in the tooltip or popover data-template attribute\n - Web UI: Upgrade Bootstrap version 3.3.7 -> 3.4.1\n- Resolves: #1769791 - Invisible part of notification area in Web UI intercepts clicks of some page elements\n - WebUI: Fix notification area layout\n- Resolves: #1545755 - ipa-replica-prepare should not update pki admin password\n - Fix indentation levels\n - ipa-pwd-extop: use SLAPI_BIND_TARGET_SDN\n - ipa-pwd-extop: dont check password policy for non-Kerberos account set by DM or a passsync manager\n - Dont save password history on non-Kerberos accounts", "edition": 1, "modified": "2020-10-06T00:00:00", "published": "2020-10-06T00:00:00", "id": "ELSA-2020-3936", "href": "http://linux.oracle.com/errata/ELSA-2020-3936.html", "title": "ipa security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 5.4, "vector": "AV:N/AC:H/Au:N/C:N/I:N/A:C"}}]}