Security Updates:
[CVE-2020-9281](https://nvd.nist.gov/vuln/detail/CVE-202 0-9281) Fixed XSS vulnerability in the HTML data processor reported by [Michał
Bentkowski](https://twitter.com/securitymb) of Securitum.Issue summary: It was possible to execute XSS inside CKEditor after persuading the victim to: (i) switch CKEditor to source mode, then (ii) paste a specially crafted HTML code, prepared by the attacker, into the opened CKEditor source area, and (iii) switch back to WYSIWYG mode or (i) copy the specially crafted HTML code, prepared by the attacker and (ii) paste it into CKEditor in WYSIWYG mode.
[CVE-2020-9440](https://nvd.nist.gov/vuln/detail/CVE-202 0-9440) Fixed XSS vulnerability in the WebSpellChecker Dialog plugin reported by [Pham Van Khanh](https://twitter.com/rskvp93) from Viettel Cyber Security.
Issue summary: It was possible to execute XSS using CKEditor after persuading the victim to: (i) switch CKEditor to source mode, then (ii) paste a specially crafted HTML code, prepared by the attacker, into the opened CKEditor source area, then (iii) switch back to WYSIWYG mode, and (iv) preview CKEditor content outside CKEditor editable area.
An upgrade is highly recommended!
New features :
[#2374](https://github.com/ckeditor/ckeditor4/issues/237 4): Added support for pasting rich content from LibreOffice Writer with the [Paste from LibreOffice](https://ckeditor.com/cke4/addon/pastefromli breoffice) plugin.
[#2583](https://github.com/ckeditor/ckeditor4/issues/258 3): Changed [emoji](https://ckeditor.com/cke4/addon/emoji) suggestion box to show the matched emoji name instead of an ID.
[#3748](https://github.com/ckeditor/ckeditor4/issues/374 8): Improved the [color button](https://ckeditor.com/cke4/addon/colorbutton) state to reflect the selected editor content colors.
[#3661](https://github.com/ckeditor/ckeditor4/issues/366 1): Improved the [Print](https://ckeditor.com/cke4/addon/print) plugin to respect styling rendered by the [Preview](https://ckeditor.com/cke4/addon/preview) plugin.
[#3547](https://github.com/ckeditor/ckeditor4/issues/354 7): Active [dialog](https://ckeditor.com/cke4/addon/dialog) tab now has the `aria-selected='true'` attribute.
[#3441](https://github.com/ckeditor/ckeditor4/issues/344 1): Improved [`widget.getClipboardHtml()`](https://ckeditor.com/docs/ ckeditor4/latest/api/CKEDITOR_plugins_widget.html#method
-getClipboardHtml) support for dragging and dropping multiple widgets.
Fixed Issues :
[#3587](https://github.com/ckeditor/ckeditor4/issues/358 7): [Edge, IE] Fixed:
Widget with form input elements loses focus during typing.
[#3705](https://github.com/ckeditor/ckeditor4/issues/370 5): [Safari] Fixed: Safari incorrectly removes blocks with the [`editor.extractSelectedHtml()`](https://ckeditor.com/do cs/ckeditor4/latest/api/CKEDITOR_editor.html#method-extr actSelectedHtml) method after selecting all content.
[#1306](https://github.com/ckeditor/ckeditor4/issues/130 6): Fixed: The [Font](https://ckeditor.com/cke4/addon/font) plugin creates nested HTML `<span>` tags when reapplying the same font multiple times.
[#3498](https://github.com/ckeditor/ckeditor4/issues/349 8): Fixed: The editor throws an error during the copy operation when a [widget](https://ckeditor.com/cke4/addon/widget) is partially selected.
[#2517](https://github.com/ckeditor/ckeditor4/issues/251 7): [Chrome, Firefox, Safari] Fixed: Inserting a new image when the selection partially covers an existing [enhanced image](https://ckeditor.com/cke4/addon/image2) widget throws an error.
[#3007](https://github.com/ckeditor/ckeditor4/issues/300 7): [Chrome, Firefox, Safari] Fixed: Cannot modify the editor content once the selection is released over a [widget](https://ckeditor.com/cke4/addon/widget).
[#3698](https://github.com/ckeditor/ckeditor4/issues/369 8): Fixed: Cutting the selected text when a [widget](https://ckeditor.com/cke4/addon/widget) is partially selected merges paragraphs.
API Changes :
[#3387](https://github.com/ckeditor/ckeditor4/issues/338 7): Added the [CKEDITOR.ui.richCombo.select()](https://ckeditor.com/do cs/ckeditor4/latest/api/CKEDITOR_ui_richCombo.html#metho d-select) method.
[#3727](https://github.com/ckeditor/ckeditor4/issues/372 7): Added new `textColor` and `bgColor` commands that apply the selected color chosen by the [Color Button](https://ckeditor.com/cke4/addon/colorbutton) plugin.
[#3728](https://github.com/ckeditor/ckeditor4/issues/372 8): Added new `font` and `fontSize` commands that apply the selected font style chosen by the [Font](https://ckeditor.com/cke4/addon/colorbutton) plugin.
[#3842](https://github.com/ckeditor/ckeditor4/issues/384 2): Added the [`editor.getSelectedRanges()`](https://ckeditor.com/docs /ckeditor4/latest/api/CKEDITOR_editor.html#method-getSel ectedRanges) alias.
[#3775](https://github.com/ckeditor/ckeditor4/issues/377 5): Widget [mask](https://ckeditor.com/docs/ckeditor4/latest/api/CK EDITOR_plugins_widget.html#property-mask) and [parts](https://ckeditor.com/docs/ckeditor4/latest/api/C KEDITOR_plugins_widget.html#property-parts) can now be refreshed dynamically via API calls.
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2020-261449d821.
#
include('compat.inc');
if (description)
{
script_id(134988);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/20");
script_cve_id("CVE-2020-9281", "CVE-2020-9440");
script_xref(name:"FEDORA", value:"2020-261449d821");
script_xref(name:"CEA-ID", value:"CEA-2021-0004");
script_xref(name:"CEA-ID", value:"CEA-2021-0025");
script_name(english:"Fedora 30 : ckeditor (2020-261449d821)");
script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing a security update.");
script_set_attribute(attribute:"description", value:
"## CKEditor 4.14
**Security Updates:**
-
[CVE-2020-9281](https://nvd.nist.gov/vuln/detail/CVE-202
0-9281) Fixed XSS vulnerability in the HTML data
processor reported by [Michał
Bentkowski](https://twitter.com/securitymb) of
Securitum.
	Issue summary: It was possible to execute XSS inside CKEditor
after persuading the victim to: (i) switch CKEditor to source mode,
then (ii) paste a specially crafted HTML code, prepared by the
attacker, into the opened CKEditor source area, and (iii) switch back
to WYSIWYG mode or (i) copy the specially crafted HTML code, prepared
by the attacker and (ii) paste it into CKEditor in WYSIWYG mode.
-
[CVE-2020-9440](https://nvd.nist.gov/vuln/detail/CVE-202
0-9440) Fixed XSS vulnerability in the WebSpellChecker
Dialog plugin reported by [Pham Van
Khanh](https://twitter.com/rskvp93) from Viettel Cyber
Security.
	Issue summary: It was possible to execute XSS using CKEditor after
persuading the victim to: (i) switch CKEditor to source mode, then
(ii) paste a specially crafted HTML code, prepared by the attacker,
into the opened CKEditor source area, then (iii) switch back to
WYSIWYG mode, and (iv) preview CKEditor content outside CKEditor
editable area.
**An upgrade is highly recommended!**
New features :
-
[#2374](https://github.com/ckeditor/ckeditor4/issues/237
4): Added support for pasting rich content from
LibreOffice Writer with the [Paste from
LibreOffice](https://ckeditor.com/cke4/addon/pastefromli
breoffice) plugin.
-
[#2583](https://github.com/ckeditor/ckeditor4/issues/258
3): Changed
[emoji](https://ckeditor.com/cke4/addon/emoji)
suggestion box to show the matched emoji name instead of
an ID.
-
[#3748](https://github.com/ckeditor/ckeditor4/issues/374
8): Improved the [color
button](https://ckeditor.com/cke4/addon/colorbutton)
state to reflect the selected editor content colors.
-
[#3661](https://github.com/ckeditor/ckeditor4/issues/366
1): Improved the
[Print](https://ckeditor.com/cke4/addon/print) plugin to
respect styling rendered by the
[Preview](https://ckeditor.com/cke4/addon/preview)
plugin.
-
[#3547](https://github.com/ckeditor/ckeditor4/issues/354
7): Active
[dialog](https://ckeditor.com/cke4/addon/dialog) tab now
has the `aria-selected='true'` attribute.
-
[#3441](https://github.com/ckeditor/ckeditor4/issues/344
1): Improved
[`widget.getClipboardHtml()`](https://ckeditor.com/docs/
ckeditor4/latest/api/CKEDITOR_plugins_widget.html#method
-getClipboardHtml) support for dragging and dropping
multiple
[widgets](https://ckeditor.com/cke4/addon/widget).
Fixed Issues :
-
[#3587](https://github.com/ckeditor/ckeditor4/issues/358
7): [Edge, IE] Fixed:
[Widget](https://ckeditor.com/cke4/addon/widget) with
form input elements loses focus during typing.
-
[#3705](https://github.com/ckeditor/ckeditor4/issues/370
5): [Safari] Fixed: Safari incorrectly removes blocks
with the
[`editor.extractSelectedHtml()`](https://ckeditor.com/do
cs/ckeditor4/latest/api/CKEDITOR_editor.html#method-extr
actSelectedHtml) method after selecting all content.
-
[#1306](https://github.com/ckeditor/ckeditor4/issues/130
6): Fixed: The
[Font](https://ckeditor.com/cke4/addon/font) plugin
creates nested HTML `<span>` tags when reapplying the
same font multiple times.
-
[#3498](https://github.com/ckeditor/ckeditor4/issues/349
8): Fixed: The editor throws an error during the copy
operation when a
[widget](https://ckeditor.com/cke4/addon/widget) is
partially selected.
-
[#2517](https://github.com/ckeditor/ckeditor4/issues/251
7): [Chrome, Firefox, Safari] Fixed: Inserting a new
image when the selection partially covers an existing
[enhanced image](https://ckeditor.com/cke4/addon/image2)
widget throws an error.
-
[#3007](https://github.com/ckeditor/ckeditor4/issues/300
7): [Chrome, Firefox, Safari] Fixed: Cannot modify the
editor content once the selection is released over a
[widget](https://ckeditor.com/cke4/addon/widget).
-
[#3698](https://github.com/ckeditor/ckeditor4/issues/369
8): Fixed: Cutting the selected text when a
[widget](https://ckeditor.com/cke4/addon/widget) is
partially selected merges paragraphs.
API Changes :
-
[#3387](https://github.com/ckeditor/ckeditor4/issues/338
7): Added the
[CKEDITOR.ui.richCombo.select()](https://ckeditor.com/do
cs/ckeditor4/latest/api/CKEDITOR_ui_richCombo.html#metho
d-select) method.
-
[#3727](https://github.com/ckeditor/ckeditor4/issues/372
7): Added new `textColor` and `bgColor` commands that
apply the selected color chosen by the [Color
Button](https://ckeditor.com/cke4/addon/colorbutton)
plugin.
-
[#3728](https://github.com/ckeditor/ckeditor4/issues/372
8): Added new `font` and `fontSize` commands that apply
the selected font style chosen by the
[Font](https://ckeditor.com/cke4/addon/colorbutton)
plugin.
-
[#3842](https://github.com/ckeditor/ckeditor4/issues/384
2): Added the
[`editor.getSelectedRanges()`](https://ckeditor.com/docs
/ckeditor4/latest/api/CKEDITOR_editor.html#method-getSel
ectedRanges) alias.
-
[#3775](https://github.com/ckeditor/ckeditor4/issues/377
5): Widget
[mask](https://ckeditor.com/docs/ckeditor4/latest/api/CK
EDITOR_plugins_widget.html#property-mask) and
[parts](https://ckeditor.com/docs/ckeditor4/latest/api/C
KEDITOR_plugins_widget.html#property-parts) can now be
refreshed dynamically via API calls.
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.");
script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2020-261449d821");
script_set_attribute(attribute:"see_also", value:"https://ckeditor.com/cke4/addon/colorbutton");
script_set_attribute(attribute:"see_also", value:"https://ckeditor.com/cke4/addon/dialog");
script_set_attribute(attribute:"see_also", value:"https://ckeditor.com/cke4/addon/emoji");
script_set_attribute(attribute:"see_also", value:"https://ckeditor.com/cke4/addon/font");
script_set_attribute(attribute:"see_also", value:"https://ckeditor.com/cke4/addon/image2");
script_set_attribute(attribute:"see_also", value:"https://ckeditor.com/cke4/addon/pastefromlibreoffice");
script_set_attribute(attribute:"see_also", value:"https://ckeditor.com/cke4/addon/preview");
script_set_attribute(attribute:"see_also", value:"https://ckeditor.com/cke4/addon/print");
script_set_attribute(attribute:"see_also", value:"https://ckeditor.com/cke4/addon/widget");
# https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR_editor.html#method-extractSelectedHtml
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?83e48840");
# https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR_editor.html#method-getSelectedRanges
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ac2ddc1e");
# https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR_plugins_widget.html#method-getClipboardHtml
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1bf31ab9");
# https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR_plugins_widget.html#property-mask
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?80168bb6");
# https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR_plugins_widget.html#property-parts
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?97ea65ba");
# https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR_ui_richCombo.html#method-select
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9209d626");
script_set_attribute(attribute:"see_also", value:"https://github.com/ckeditor/ckeditor4/issues/1306");
script_set_attribute(attribute:"see_also", value:"https://github.com/ckeditor/ckeditor4/issues/2374");
script_set_attribute(attribute:"see_also", value:"https://github.com/ckeditor/ckeditor4/issues/2517");
script_set_attribute(attribute:"see_also", value:"https://github.com/ckeditor/ckeditor4/issues/2583");
script_set_attribute(attribute:"see_also", value:"https://github.com/ckeditor/ckeditor4/issues/3007");
script_set_attribute(attribute:"see_also", value:"https://github.com/ckeditor/ckeditor4/issues/3387");
script_set_attribute(attribute:"see_also", value:"https://github.com/ckeditor/ckeditor4/issues/3441");
script_set_attribute(attribute:"see_also", value:"https://github.com/ckeditor/ckeditor4/issues/3498");
script_set_attribute(attribute:"see_also", value:"https://github.com/ckeditor/ckeditor4/issues/3547");
script_set_attribute(attribute:"see_also", value:"https://github.com/ckeditor/ckeditor4/issues/3587");
script_set_attribute(attribute:"see_also", value:"https://github.com/ckeditor/ckeditor4/issues/3661");
script_set_attribute(attribute:"see_also", value:"https://github.com/ckeditor/ckeditor4/issues/3698");
script_set_attribute(attribute:"see_also", value:"https://github.com/ckeditor/ckeditor4/issues/3705");
script_set_attribute(attribute:"see_also", value:"https://github.com/ckeditor/ckeditor4/issues/3727");
script_set_attribute(attribute:"see_also", value:"https://github.com/ckeditor/ckeditor4/issues/3728");
script_set_attribute(attribute:"see_also", value:"https://github.com/ckeditor/ckeditor4/issues/3748");
script_set_attribute(attribute:"see_also", value:"https://github.com/ckeditor/ckeditor4/issues/3775");
script_set_attribute(attribute:"see_also", value:"https://github.com/ckeditor/ckeditor4/issues/3842");
script_set_attribute(attribute:"see_also", value:"https://nvd.nist.gov/vuln/detail/CVE-2020-9281");
script_set_attribute(attribute:"see_also", value:"https://nvd.nist.gov/vuln/detail/CVE-2020-9440");
script_set_attribute(attribute:"see_also", value:"https://twitter.com/rskvp93");
script_set_attribute(attribute:"see_also", value:"https://twitter.com/securitymb");
script_set_attribute(attribute:"solution", value:
"Update the affected ckeditor package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-9440");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/03/07");
script_set_attribute(attribute:"patch_publication_date", value:"2020/03/29");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/30");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ckeditor");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:30");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Fedora Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^30([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 30", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC30", reference:"ckeditor-4.14.0-1.fc30")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ckeditor");
}
Vendor | Product | Version | CPE |
---|---|---|---|
fedoraproject | fedora | ckeditor | p-cpe:/a:fedoraproject:fedora:ckeditor |
fedoraproject | fedora | 30 | cpe:/o:fedoraproject:fedora:30 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9281
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9440
www.nessus.org/u?1bf31ab9
www.nessus.org/u?80168bb6
www.nessus.org/u?83e48840
www.nessus.org/u?9209d626
www.nessus.org/u?97ea65ba
www.nessus.org/u?ac2ddc1e
bodhi.fedoraproject.org/updates/FEDORA-2020-261449d821
ckeditor.com/cke4/addon/colorbutton
ckeditor.com/cke4/addon/dialog
ckeditor.com/cke4/addon/emoji
ckeditor.com/cke4/addon/font
ckeditor.com/cke4/addon/image2
ckeditor.com/cke4/addon/pastefromlibreoffice
ckeditor.com/cke4/addon/preview
ckeditor.com/cke4/addon/print
ckeditor.com/cke4/addon/widget
github.com/ckeditor/ckeditor4/issues/1306
github.com/ckeditor/ckeditor4/issues/2374
github.com/ckeditor/ckeditor4/issues/2517
github.com/ckeditor/ckeditor4/issues/2583
github.com/ckeditor/ckeditor4/issues/3007
github.com/ckeditor/ckeditor4/issues/3387
github.com/ckeditor/ckeditor4/issues/3441
github.com/ckeditor/ckeditor4/issues/3498
github.com/ckeditor/ckeditor4/issues/3547
github.com/ckeditor/ckeditor4/issues/3587
github.com/ckeditor/ckeditor4/issues/3661
github.com/ckeditor/ckeditor4/issues/3698
github.com/ckeditor/ckeditor4/issues/3705
github.com/ckeditor/ckeditor4/issues/3727
github.com/ckeditor/ckeditor4/issues/3728
github.com/ckeditor/ckeditor4/issues/3748
github.com/ckeditor/ckeditor4/issues/3775
github.com/ckeditor/ckeditor4/issues/3842
nvd.nist.gov/vuln/detail/CVE-2020-9281
nvd.nist.gov/vuln/detail/CVE-2020-9440
twitter.com/rskvp93
twitter.com/securitymb