Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2022 Greenbone AGOPENVAS:13614125623111020130276
HistoryJan 28, 2022 - 12:00 a.m.

Mageia: Security Advisory (MGASA-2013-0276)

2022-01-2800:00:00
Copyright (C) 2022 Greenbone AG
plugins.openvas.org

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.6 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.008 Low

EPSS

Percentile

81.2%

JSON

The remote host is missing an update for the

# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.1.10.2013.0276");
  script_cve_id("CVE-2013-4301", "CVE-2013-4302", "CVE-2013-4303");
  script_tag(name:"creation_date", value:"2022-01-28 10:58:44 +0000 (Fri, 28 Jan 2022)");
  script_version("2024-02-02T05:06:08+0000");
  script_tag(name:"last_modification", value:"2024-02-02 05:06:08 +0000 (Fri, 02 Feb 2024)");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2019-12-19 17:37:14 +0000 (Thu, 19 Dec 2019)");

  script_name("Mageia: Security Advisory (MGASA-2013-0276)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2022 Greenbone AG");
  script_family("Mageia Linux Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/mageia_linux", "ssh/login/release", re:"ssh/login/release=MAGEIA(2|3)");

  script_xref(name:"Advisory-ID", value:"MGASA-2013-0276");
  script_xref(name:"URL", value:"https://advisories.mageia.org/MGASA-2013-0276.html");
  script_xref(name:"URL", value:"https://bugs.mageia.org/show_bug.cgi?id=11157");
  script_xref(name:"URL", value:"http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html");
  script_xref(name:"URL", value:"https://www.mediawiki.org/wiki/Release_notes/1.20");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'mediawiki' package(s) announced via the MGASA-2013-0276 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"Full path disclosure in MediaWiki before 1.20.7, when an invalid language
is specified in ResourceLoader (CVE-2013-4301).

Several API modules in MediaWiki before 1.20.7 allowed anti-CSRF tokens
to be accessed via JSONP (CVE-2013-4302).

An issue with the MediaWiki API in MediaWiki before 1.20.7 where an
invalid property name could be used for XSS with older versions of
Internet Explorer (CVE-2013-4303).");

  script_tag(name:"affected", value:"'mediawiki' package(s) on Mageia 2, Mageia 3.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "MAGEIA2") {

  if(!isnull(res = isrpmvuln(pkg:"mediawiki", rpm:"mediawiki~1.20.7~1.mga2", rls:"MAGEIA2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"mediawiki-mysql", rpm:"mediawiki-mysql~1.20.7~1.mga2", rls:"MAGEIA2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"mediawiki-pgsql", rpm:"mediawiki-pgsql~1.20.7~1.mga2", rls:"MAGEIA2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"mediawiki-sqlite", rpm:"mediawiki-sqlite~1.20.7~1.mga2", rls:"MAGEIA2"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "MAGEIA3") {

  if(!isnull(res = isrpmvuln(pkg:"mediawiki", rpm:"mediawiki~1.20.7~1.mga3", rls:"MAGEIA3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"mediawiki-mysql", rpm:"mediawiki-mysql~1.20.7~1.mga3", rls:"MAGEIA3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"mediawiki-pgsql", rpm:"mediawiki-pgsql~1.20.7~1.mga3", rls:"MAGEIA3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"mediawiki-sqlite", rpm:"mediawiki-sqlite~1.20.7~1.mga3", rls:"MAGEIA3"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);

Related

fedora 3
nessus 7
openvas 8
mageia 1
securityvulns 2
debiancve 3
prion 3
debian 1
cve 3
ubuntucve 3
gentoo 1
fedora
fedora
[SECURITY] Fedora 19 Update: mediawiki-1.21.2-1.fc19
2013-09-20 16:26:42
[SECURITY] Fedora 20 Update: mediawiki-1.21.2-1.fc20
2013-09-23 00:16:58
[SECURITY] Fedora 18 Update: mediawiki-1.19.8-1.fc18
2013-09-20 16:25:33
nessus
nessus
Fedora 20 : mediawiki-1.21.2-1.fc20 (2013-15937)
2013-09-23 00:00:00
Fedora 19 : mediawiki-1.21.2-1.fc19 (2013-15984)
2013-09-21 00:00:00
Mandriva Linux Security Advisory : mediawiki (MDVSA-2013:235)
2013-09-17 00:00:00
openvas
openvas
Fedora Update for mediawiki FEDORA-2013-15984
2013-09-24 00:00:00
Fedora Update for mediawiki FEDORA-2013-15984
2013-09-24 00:00:00
Fedora Update for mediawiki FEDORA-2013-15994
2013-09-24 00:00:00
mageia
mageia
Updated mediawiki package fixes security vulnerabilities
2013-09-14 00:15:05
securityvulns
securityvulns
[ MDVSA-2013:235 ] mediawiki
2013-10-03 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2013-10-03 00:00:00
debiancve
debiancve
CVE-2013-4303
2019-12-11 19:15:00
CVE-2013-4302
2013-10-27 00:55:00
CVE-2013-4301
2013-10-27 00:55:00
prion
prion
Design/Logic Flaw
2013-10-27 00:55:00
Cross site request forgery (csrf)
2013-10-27 00:55:00
Cross site scripting
2019-12-11 19:15:00
debian
debian
[SECURITY] [DSA 2753-1] mediawiki security update
2013-09-13 07:55:29
cve
cve
CVE-2013-4301
2013-10-27 00:55:00
CVE-2013-4303
2019-12-11 19:15:00
CVE-2013-4302
2013-10-27 00:55:00
ubuntucve
ubuntucve
CVE-2013-4301
2013-10-27 00:00:00
CVE-2013-4302
2013-10-27 00:00:00
CVE-2013-4303
2019-12-11 00:00:00
gentoo
gentoo
MediaWiki: Multiple vulnerabilities
2013-10-28 00:00:00

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.6 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.008 Low

EPSS

Percentile

81.2%

JSON
Related for OPENVAS:13614125623111020130276
fedora3nessus7openvas8mageia1securityvulns2debiancve3prion3debian1cve3ubuntucve3gentoo1