Fedora 36 : ckeditor (2022-b61dfd219b)

2022-12-2100:00:00

www.tenable.com

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-b61dfd219b advisory.

CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter (ACF) module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. It affects all users using the CKEditor 4 at version < 4.17.0. The problem has been recognized and patched. The fix will be available in version 4.17.0. (CVE-2021-41164)
CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed comments HTML bypassing content sanitization, which could result in executing JavaScript code. It affects all users using the CKEditor 4 at version < 4.17.0. The problem has been recognized and patched. The fix will be available in version 4.17.0. (CVE-2021-41165)
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0.
The vulnerability allows someone to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. This problem has been patched in version 4.18.0. There are currently no known workarounds. (CVE-2022-24728)
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the dialog plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser tab freeze. A patch is available in version 4.18.0. There are currently no known workarounds. (CVE-2022-24729)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2022-b61dfd219b
#

include('compat.inc');

if (description)
{
  script_id(169023);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/09/12");

  script_cve_id(
    "CVE-2021-41164",
    "CVE-2021-41165",
    "CVE-2022-24728",
    "CVE-2022-24729"
  );
  script_xref(name:"FEDORA", value:"2022-b61dfd219b");

  script_name(english:"Fedora 36 : ckeditor (2022-b61dfd219b)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the
FEDORA-2022-b61dfd219b advisory.

  - CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered
    in the Advanced Content Filter (ACF) module and may affect all plugins used by CKEditor 4. The
    vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result in
    executing JavaScript code. It affects all users using the CKEditor 4 at version < 4.17.0. The problem has
    been recognized and patched. The fix will be available in version 4.17.0. (CVE-2021-41164)

  - CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered
    in the core HTML processing module and may affect all plugins used by CKEditor 4. The vulnerability
    allowed to inject malformed comments HTML bypassing content sanitization, which could result in executing
    JavaScript code. It affects all users using the CKEditor 4 at version < 4.17.0. The problem has been
    recognized and patched. The fix will be available in version 4.17.0. (CVE-2021-41165)

  - CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered
    in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0.
    The vulnerability allows someone to inject malformed HTML bypassing content sanitization, which could
    result in executing JavaScript code. This problem has been patched in version 4.18.0. There are currently
    no known workarounds. (CVE-2022-24728)

  - CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0
    contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input
    validator regular expression, which can cause a significant performance drop resulting in a browser tab
    freeze. A patch is available in version 4.18.0. There are currently no known workarounds. (CVE-2022-24729)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2022-b61dfd219b");
  script_set_attribute(attribute:"solution", value:
"Update the affected ckeditor package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-24728");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/11/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/10/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/12/21");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:36");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ckeditor");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Fedora Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Fedora' >!< os_release) audit(AUDIT_OS_NOT, 'Fedora');
var os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');
os_ver = os_ver[1];
if (! preg(pattern:"^36([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 36', 'Fedora ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);

var pkgs = [
    {'reference':'ckeditor-4.20.0-1.fc36', 'release':'FC36', 'rpm_spec_vers_cmp':TRUE}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (reference && _release) {
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_NOTE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ckeditor');
}

VendorProductVersionCPE
fedoraprojectfedora36cpe:/o:fedoraproject:fedora:36
fedoraprojectfedorackeditorp-cpe:/a:fedoraproject:fedora:ckeditor

Vendor	Product	Version	CPE
fedoraproject	fedora	36	cpe:/o:fedoraproject:fedora:36
fedoraproject	fedora	ckeditor	p-cpe:/a:fedoraproject:fedora:ckeditor

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41164

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41165

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24728

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24729

bodhi.fedoraproject.org/updates/FEDORA-2022-b61dfd219b

JSON

Related for FEDORA_2022-B61DFD219B.NASL