Lucene search

Ubuntu.comUB:CVE-2018-25052

HistoryDec 28, 2022 - 12:00 a.m.

CVE-2018-25052

2022-12-2800:00:00

ubuntu.com

catalyst-plugin-session

cross site scripting

remote attack

session id handler

upgrade

patch identifier

vdb-216958

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

34.2%

JSON

A vulnerability has been found in Catalyst-Plugin-Session up to 0.40 and
classified as problematic. This vulnerability affects the function
_load_sessionid of the file lib/Catalyst/Plugin/Session.pm of the component
Session ID Handler. The manipulation of the argument sid leads to cross
site scripting. The attack can be initiated remotely. Upgrading to version
0.41 is able to address this issue. The name of the patch is
88d1b599e1163761c9bd53bec53ba078f13e09d4. It is recommended to upgrade the
affected component. VDB-216958 is the identifier assigned to this
vulnerability.

Notes

Author	Note
eslerm	CVE possibly assigned based on five year old commit message

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlibcatalyst-plugin-session-perl< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	libcatalyst-plugin-session-perl	< any	UNKNOWN

References

github.com/perl-catalyst/Catalyst-Plugin-Session/releases/tag/0.41

launchpad.net/bugs/cve/CVE-2018-25052

nvd.nist.gov/vuln/detail/CVE-2018-25052

security-tracker.debian.org/tracker/CVE-2018-25052

www.cve.org/CVERecord?id=CVE-2018-25052

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

34.2%

JSON

Related for UB:CVE-2018-25052