7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.8 Medium
AI Score
Confidence
High
0.023 Low
EPSS
Percentile
89.7%
Fabian Henneke discovered that GOsa incorrectly handled client cookies. An
authenticated user could exploit this with a crafted cookie to perform
file deletions in the context of the user account that runs the web
server. (CVE-2019-14466)
It was discovered that GOsa incorrectly handled user access control. A
remote attacker could use this issue to log into any account with a
username containing the word “success”. (CVE-2019-11187)
Fabian Henneke discovered that GOsa was vulnerable to cross-site scripting
attacks via the change password form. A remote attacker could use this
flaw to run arbitrary web scripts. (CVE-2018-1000528)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 16.04 | noarch | gosa | < 2.7.4+reloaded2-9ubuntu1.1 | UNKNOWN |
Ubuntu | 16.04 | noarch | gosa-desktop | < 2.7.4+reloaded2-9ubuntu1.1 | UNKNOWN |
Ubuntu | 16.04 | noarch | gosa-dev | < 2.7.4+reloaded2-9ubuntu1.1 | UNKNOWN |
Ubuntu | 16.04 | noarch | gosa-help-de | < 2.7.4+reloaded2-9ubuntu1.1 | UNKNOWN |
Ubuntu | 16.04 | noarch | gosa-help-en | < 2.7.4+reloaded2-9ubuntu1.1 | UNKNOWN |
Ubuntu | 16.04 | noarch | gosa-help-fr | < 2.7.4+reloaded2-9ubuntu1.1 | UNKNOWN |
Ubuntu | 16.04 | noarch | gosa-help-nl | < 2.7.4+reloaded2-9ubuntu1.1 | UNKNOWN |
Ubuntu | 16.04 | noarch | gosa-plugin-connectivity | < 2.7.4+reloaded2-9ubuntu1.1 | UNKNOWN |
Ubuntu | 16.04 | noarch | gosa-plugin-dhcp | < 2.7.4+reloaded2-9ubuntu1.1 | UNKNOWN |
Ubuntu | 16.04 | noarch | gosa-plugin-dhcp-schema | < 2.7.4+reloaded2-9ubuntu1.1 | UNKNOWN |
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.8 Medium
AI Score
Confidence
High
0.023 Low
EPSS
Percentile
89.7%