Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-5340-2.NASL
HistoryOct 23, 2023 - 12:00 a.m.

Ubuntu 16.04 ESM : CKEditor vulnerabilities (USN-5340-2)

2023-10-2300:00:00
Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
8
JSON

The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5340-2 advisory.

  • Cross-site scripting (XSS) vulnerability in the Enhanced Image (aka image2) plugin for CKEditor (in versions 4.5.10 through 4.9.1; fixed in 4.9.2), as used in Drupal 8 before 8.4.7 and 8.5.x before 8.5.2 and other products, allows remote attackers to inject arbitrary web script through a crafted IMG element.
    (CVE-2018-9861)

  • A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted protected comment (with the cke_protected syntax). (CVE-2020-9281)

  • ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 Clipboard package. The vulnerability allowed to abuse paste functionality using malformed HTML, which could result in injecting arbitrary HTML into the editor. It affects all users using the CKEditor 4 plugins listed above at version >= 4.5.2. The problem has been recognized and patched. The fix will be available in version 4.16.2.
    (CVE-2021-32809)

  • A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --!> is mishandled. (CVE-2021-33829)

  • ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 Fake Objects package. The vulnerability allowed to inject malformed Fake Objects HTML, which could result in executing JavaScript code. It affects all users using the CKEditor 4 plugins listed above at version < 4.16.2. The problem has been recognized and patched. The fix will be available in version 4.16.2. (CVE-2021-37695)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-5340-2. The text
# itself is copyright (C) Canonical, Inc. See
# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
##

include('compat.inc');

if (description)
{
  script_id(183711);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/23");

  script_cve_id(
    "CVE-2018-9861",
    "CVE-2020-9281",
    "CVE-2021-32809",
    "CVE-2021-33829",
    "CVE-2021-37695"
  );
  script_xref(name:"IAVA", value:"2021-A-0384-S");
  script_xref(name:"USN", value:"5340-2");
  script_xref(name:"CEA-ID", value:"CEA-2021-0025");
  script_xref(name:"CEA-ID", value:"CEA-2021-0004");

  script_name(english:"Ubuntu 16.04 ESM : CKEditor vulnerabilities (USN-5340-2)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in
the USN-5340-2 advisory.

  - Cross-site scripting (XSS) vulnerability in the Enhanced Image (aka image2) plugin for CKEditor (in
    versions 4.5.10 through 4.9.1; fixed in 4.9.2), as used in Drupal 8 before 8.4.7 and 8.5.x before 8.5.2
    and other products, allows remote attackers to inject arbitrary web script through a crafted IMG element.
    (CVE-2018-9861)

  - A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows
    remote attackers to inject arbitrary web script through a crafted protected comment (with the
    cke_protected syntax). (CVE-2020-9281)

  - ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has
    been discovered in CKEditor 4 [Clipboard](https://ckeditor.com/cke4/addon/clipboard) package. The
    vulnerability allowed to abuse paste functionality using malformed HTML, which could result in injecting
    arbitrary HTML into the editor. It affects all users using the CKEditor 4 plugins listed above at version
    >= 4.5.2. The problem has been recognized and patched. The fix will be available in version 4.16.2.
    (CVE-2021-32809)

  - A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x
    before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment
    because --!> is mishandled. (CVE-2021-33829)

  - ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has
    been discovered in CKEditor 4 [Fake Objects](https://ckeditor.com/cke4/addon/fakeobjects) package. The
    vulnerability allowed to inject malformed Fake Objects HTML, which could result in executing JavaScript
    code. It affects all users using the CKEditor 4 plugins listed above at version < 4.16.2. The problem has
    been recognized and patched. The fix will be available in version 4.16.2. (CVE-2021-37695)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-5340-2");
  script_set_attribute(attribute:"solution", value:
"Update the affected ckeditor package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-33829");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/04/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/03/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/10/23");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:esm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ckeditor");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('16.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);

var pkgs = [
    {'osver': '16.04', 'pkgname': 'ckeditor', 'pkgver': '4.5.7+dfsg-2ubuntu0.16.04.1~esm1'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var osver = NULL;
  var pkgname = NULL;
  var pkgver = NULL;
  if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
  if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
  if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
  if (osver && pkgname && pkgver) {
    if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  var tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ckeditor');
}
VendorProductVersionCPE
canonicalubuntu_linux16.04cpe:/o:canonical:ubuntu_linux:16.04:-:esm
canonicalubuntu_linuxckeditorp-cpe:/a:canonical:ubuntu_linux:ckeditor

Related

ubuntu 2
osv 16
openvas 31
nessus 16
fedora 14
ibm 11
debian 1
github 6
ubuntucve 5
veracode 4
prion 6
cve 6
debiancve 3
archlinux 1
redhatcve 2
drupal 1
fortinet 1
oracle 7
ubuntu
ubuntu
CKEditor vulnerabilities
2022-03-23 00:00:00
CKEditor vulnerabilities
2022-03-22 00:00:00
osv
osv
ckeditor vulnerabilities
2022-03-22 16:43:31
ckeditor vulnerabilities
2022-03-23 08:57:25
ckeditor - security update
2021-11-09 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-5340-2)
2023-01-27 00:00:00
Ubuntu: Security Advisory (USN-5340-1)
2022-03-23 00:00:00
Fedora: Security Advisory for ckeditor (FEDORA-2021-51457da891)
2021-10-02 00:00:00
nessus
nessus
Ubuntu 18.04 LTS / 20.04 LTS : CKEditor vulnerabilities (USN-5340-1)
2022-03-22 00:00:00
Debian DLA-2813-1 : ckeditor - LTS security update
2021-11-10 00:00:00
Drupal 9.1.x < 9.1.12 Third-Party Library Vulnerability
2021-09-06 00:00:00
fedora
fedora
[SECURITY] Fedora 35 Update: ckeditor-4.16.2-1.fc35
2021-09-24 20:59:27
[SECURITY] Fedora 33 Update: ckeditor-4.16.2-1.fc33
2021-09-29 01:10:13
[SECURITY] Fedora 34 Update: ckeditor-4.16.2-1.fc34
2021-09-29 01:10:12
ibm
ibm
Security Bulletin: Vulnerabilities in CKEditor library affects IBM Engineering Test Management (ETM) (CVE-2021-32809, CVE-2021-37695)
2023-09-21 09:50:25
Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerabilities CVE-2020-28500, CVE-2021-23337, CVE-2020-8203
2023-04-24 14:55:04
Security Bulletin: IBM API Connect is impacted by a vulnerability in Drupal CKEditor (CVE-2021-33829)
2021-08-25 17:32:28
debian
debian
[SECURITY] [DLA 2813-1] ckeditor security update
2021-11-09 08:52:03
github
github
CKEditor 4 vulnerabilities in versions <4.16.1
2021-08-23 19:42:05
ckeditor4 vulnerable to cross-site scripting
2021-06-21 17:16:42
Fake objects feature vulnerability allowing to execute JavaScript code using malformed HTML.
2021-08-23 19:42:15
ubuntucve
ubuntucve
CVE-2021-37695
2021-08-13 00:00:00
CVE-2021-32809
2021-08-12 00:00:00
CVE-2021-33829
2021-06-09 00:00:00
veracode
veracode
Command Injection
2021-08-19 08:55:23
Cross-site Scripting (XSS)
2020-03-09 03:15:29
Cross-site Scripting (XSS)
2021-06-11 08:14:10
prion
prion
Design/Logic Flaw
2021-08-13 00:15:00
Design/Logic Flaw
2021-08-12 17:15:00
Cross site scripting
2021-06-09 12:15:00
cve
cve
CVE-2021-37695
2021-08-13 00:15:00
CVE-2021-33829
2021-06-09 12:15:00
CVE-2021-32809
2021-08-12 17:15:00
debiancve
debiancve
CVE-2021-32809
2021-08-12 17:15:00
CVE-2021-33829
2021-06-09 12:15:00
CVE-2021-37695
2021-08-13 00:15:00
archlinux
archlinux
[ASA-202106-35] drupal: cross-site scripting
2021-06-15 00:00:00
redhatcve
redhatcve
CVE-2021-37695
2022-05-20 23:58:59
CVE-2020-9281
2022-05-21 00:07:07
drupal
drupal
Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2021-003
2021-05-26 00:00:00
fortinet
fortinet
FortiManager/FortiAnalyzer - XSS Vulnerability in Report Templates
2022-11-01 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2022
2022-01-18 00:00:00
Oracle Critical Patch Update Advisory - October 2021
2021-10-19 00:00:00
Oracle Critical Patch Update Advisory - April 2023
2023-04-18 00:00:00
JSON
Related for UBUNTU_USN-5340-2.NASL
ubuntu2osv16openvas31nessus16fedora14ibm11debian1github6ubuntucve5veracode4prion6cve6debiancve3archlinux1redhatcve2drupal1fortinet1oracle7