Ubuntu.comUB:CVE-2022-29221CVE-2022-29221
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.5 High
AI Score
Confidence
High
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
69.3%
Smarty is a template engine for PHP, facilitating the separation of
presentation (HTML/CSS) from application logic. Prior to versions 3.1.45
and 4.1.1, template authors could inject php code by choosing a malicious
{block} name or {include} file name. Sites that cannot fully trust template
authors should upgrade to versions 3.1.45 or 4.1.1 to receive a patch for
this issue. There are currently no known workarounds.
Bugs
- <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011757>
- <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011758>
Notes
| Author | Note |
|---|---|
| ccdm94 | postfixadmin does not contain embedded copies of smarty in trusty and xenial. In bionic, postfixadmin contains an embedded smarty copy at version 3.1.29, while in jammy it contains an embedded copy at version 3.1.33. In lunar and mantic this copy is at version 4.3.0. |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 16.04 | noarch | collabtive | < any | UNKNOWN |
| ubuntu | 16.04 | noarch | galette | < any | UNKNOWN |
| ubuntu | 18.04 | noarch | gosa | < any | UNKNOWN |
| ubuntu | 20.04 | noarch | gosa | < any | UNKNOWN |
| ubuntu | 22.04 | noarch | gosa | < any | UNKNOWN |
| ubuntu | 23.10 | noarch | gosa | < any | UNKNOWN |
| ubuntu | 24.04 | noarch | gosa | < any | UNKNOWN |
| ubuntu | 16.04 | noarch | gosa | < any | UNKNOWN |
| ubuntu | 18.04 | noarch | postfixadmin | < 3.0.2-2ubuntu0.1~esm1 | UNKNOWN |
| ubuntu | 20.04 | noarch | postfixadmin | < 3.2.1-3ubuntu0.1~esm1 | UNKNOWN |
References
github.com/smarty-php/smarty/commit/3606c4717ed6348e114a610ff1e446048dcd0345 (v3.1.45)
github.com/smarty-php/smarty/commit/64ad6442ca1da31cefdab5c9874262b702cccddd
github.com/smarty-php/smarty/commit/64ad6442ca1da31cefdab5c9874262b702cccddd (v4.1.1)
github.com/smarty-php/smarty/releases/tag/v3.1.45
github.com/smarty-php/smarty/releases/tag/v4.1.1
github.com/smarty-php/smarty/security/advisories/GHSA-634x-pc3q-cf4c
launchpad.net/bugs/cve/CVE-2022-29221
nvd.nist.gov/vuln/detail/CVE-2022-29221
security-tracker.debian.org/tracker/CVE-2022-29221
ubuntu.com/security/notices/USN-6012-1
ubuntu.com/security/notices/USN-6550-1
www.cve.org/CVERecord?id=CVE-2022-29221
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.5 High
AI Score
Confidence
High
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
69.3%