Lucene search
Copyright (C) 2022 Greenbone AGOPENVAS:136141256231112202151571HistoryAug 26, 2022 - 12:00 a.m.
Ubuntu: Security Advisory (USN-5157-1)
2022-08-2600:00:00
Copyright (C) 2022 Greenbone AG
plugins.openvas.org
4
ubuntu 18.04 lts
ubuntu 20.04 lts
ubuntu 21.04
ubuntu 21.10
postorius package
input mishandling vulnerability
sensitive information
CVSS2
5.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:P/A:N
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
AI Score
5.5
Confidence
High
EPSS
0.001
Percentile
50.4%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.12.2021.5157.1");
script_cve_id("CVE-2021-40347");
script_tag(name:"creation_date", value:"2022-08-26 07:43:23 +0000 (Fri, 26 Aug 2022)");
script_version("2024-02-02T05:06:10+0000");
script_tag(name:"last_modification", value:"2024-02-02 05:06:10 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"5.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:P/I:P/A:N");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2021-09-24 03:04:23 +0000 (Fri, 24 Sep 2021)");
script_name("Ubuntu: Security Advisory (USN-5157-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2022 Greenbone AG");
script_family("Ubuntu Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages", re:"ssh/login/release=UBUNTU(18\.04\ LTS|20\.04\ LTS|21\.04|21\.10)");
script_xref(name:"Advisory-ID", value:"USN-5157-1");
script_xref(name:"URL", value:"https://ubuntu.com/security/notices/USN-5157-1");
script_tag(name:"summary", value:"The remote host is missing an update for the 'postorius' package(s) announced via the USN-5157-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"It was discovered that Postorius mishandled specially crafted input. An
attacker could use this vulnerability that obtain sensitive information.");
script_tag(name:"affected", value:"'postorius' package(s) on Ubuntu 18.04, Ubuntu 20.04, Ubuntu 21.04, Ubuntu 21.10.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
release = dpkg_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "UBUNTU18.04 LTS") {
if(!isnull(res = isdpkgvuln(pkg:"python-django-postorius", ver:"1.1.2-3ubuntu0.1", rls:"UBUNTU18.04 LTS"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "UBUNTU20.04 LTS") {
if(!isnull(res = isdpkgvuln(pkg:"python3-django-postorius", ver:"1.2.4-1ubuntu0.1", rls:"UBUNTU20.04 LTS"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "UBUNTU21.04") {
if(!isnull(res = isdpkgvuln(pkg:"python3-django-postorius", ver:"1.3.4-1ubuntu0.1", rls:"UBUNTU21.04"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "UBUNTU21.10") {
if(!isnull(res = isdpkgvuln(pkg:"python3-django-postorius", ver:"1.3.4-2ubuntu0.1", rls:"UBUNTU21.10"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
osv
osv
postorius vulnerability
2021-11-25 19:46:37
PYSEC-2021-319
2021-09-10 19:15:00
GNU Mailman Postorius Access Control Issues
2022-05-24 19:14:08
prion
prion
Design/Logic Flaw
2021-09-10 19:15:00
nessus
nessus
Debian DSA-4970-1 : postorius - security update
2021-09-10 00:00:00
Ubuntu 18.04 LTS / 20.04 LTS : Postorius vulnerability (USN-5157-1)
2021-11-30 00:00:00
github
github
GNU Mailman Postorius Access Control Issues
2022-05-24 19:14:08
nvd
nvd
CVE-2021-40347
2021-09-10 19:15:08
openvas
openvas
Debian: Security Advisory (DSA-4970-1)
2021-09-11 00:00:00
cve
cve
CVE-2021-40347
2021-09-10 19:15:08
veracode
veracode
Improper Access Control
2024-04-30 08:04:19
cvelist
cvelist
CVE-2021-40347
2021-09-10 18:17:24
debiancve
debiancve
CVE-2021-40347
2021-09-10 19:15:08
ubuntucve
ubuntucve
CVE-2021-40347
2021-09-10 00:00:00
debian
debian
[SECURITY] [DSA 4970-1] postorius security update
2021-09-09 17:52:25
CVSS2
5.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:P/A:N
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
AI Score
5.5
Confidence
High
EPSS
0.001
Percentile
50.4%
Related for OPENVAS:136141256231112202151571