4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.004 Low
EPSS
Percentile
72.5%
New upstream release 1.7.11
http://www.reviewboard.org/docs/releasenotes/reviewboa rd/1.7.11/
Bug Fixes :
Fixed compatibility with Python 2.5
Fixed the drop-down arrow by Support and the account name on older versions of Internet Explorer
New upstream release 1.7.10
http://www.reviewboard.org/docs/releasenotes/reviewboa rd/1.7.10/
Security Updates :
Fixed an XSS vulnerability where users could trigger script errors under certain conditions in auto-complete widgets
Web API Changes :
Added a filename field to screenshot resources, which provides the base filename (without path) of the screenshot
Added a review_url field to screenshot resources, which provides the URL to the screenshot review page
Added a thumbnail_url field to screenshot comment resources, which provides the URL to the snippet of the screenshot being commented on
Added a link_text field to file attachment comment resources, which shows the text for any link pointing to the file. This may differ depending on the comment
Added a review_url field to file attachment comment resources, which provides the URL to the review page for the file
Added a thumbnail_html field to file attachment comment resources, which provides HTML for rendering the thumbnail of the portion of the file being rendered, if any
UI Changes :
Bug Fixes :
Editing or reordering dashboard columns no longer breaks after the dashboard reloads
Relative timestamps in the dashboard no longer break after the dashboard reloads
The maximum size of the timezone has increased, allowing for longer timezone strings
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2013-11682.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(67318);
script_version("1.8");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");
script_cve_id("CVE-2013-2209");
script_bugtraq_id(60743);
script_xref(name:"FEDORA", value:"2013-11682");
script_name(english:"Fedora 19 : ReviewBoard-1.7.11-1.fc19 (2013-11682)");
script_summary(english:"Checks rpm output for the updated package.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Fedora host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
" - New upstream release 1.7.11
-
http://www.reviewboard.org/docs/releasenotes/reviewboa
rd/1.7.11/
- Bug Fixes :
- Fixed compatibility with Python 2.5
- Fixed the drop-down arrow by Support and the account
name on older versions of Internet Explorer
- New upstream release 1.7.10
-
http://www.reviewboard.org/docs/releasenotes/reviewboa
rd/1.7.10/
- Security Updates :
- Fixed an XSS vulnerability where users could trigger
script errors under certain conditions in
auto-complete widgets
- Web API Changes :
- Added n ?order-by=<fieldname> query parameter for
comment resources, allowing ordering by fields such as
line numbers (for diff comments)
- Added a filename field to screenshot resources, which
provides the base filename (without path) of the
screenshot
- Added a review_url field to screenshot resources, which
provides the URL to the screenshot review page
- Added a thumbnail_url field to screenshot comment
resources, which provides the URL to the snippet of the
screenshot being commented on
- Added a link_text field to file attachment comment
resources, which shows the text for any link pointing to
the file. This may differ depending on the comment
- Added a review_url field to file attachment comment
resources, which provides the URL to the review page for
the file
- Added a thumbnail_html field to file attachment comment
resources, which provides HTML for rendering the
thumbnail of the portion of the file being rendered, if
any
- UI Changes :
- Improved the look and feel of the issue summary table.
It's cleaner and no longer looks odd with long
comment text
- Bug Fixes :
- Fixed periodic but harmless JavaScript errors when
removing elements with relative timestamps
- Editing or reordering dashboard columns no longer breaks
after the dashboard reloads
- Relative timestamps in the dashboard no longer break
after the dashboard reloads
- The maximum size of the timezone has increased, allowing
for longer timezone strings
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
# http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.10/
script_set_attribute(
attribute:"see_also",
value:"https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.10/"
);
# http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.11/
script_set_attribute(
attribute:"see_also",
value:"https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.11/"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=977423"
);
# https://lists.fedoraproject.org/pipermail/package-announce/2013-July/110842.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?15beef12"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected ReviewBoard package."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ReviewBoard");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:19");
script_set_attribute(attribute:"patch_publication_date", value:"2013/06/25");
script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Fedora Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^19([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 19.x", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC19", reference:"ReviewBoard-1.7.11-1.fc19")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ReviewBoard");
}
Vendor | Product | Version | CPE |
---|---|---|---|
fedoraproject | fedora | reviewboard | p-cpe:/a:fedoraproject:fedora:reviewboard |
fedoraproject | fedora | 19 | cpe:/o:fedoraproject:fedora:19 |