CVE-2019-9187 (GCVE-0-2019-9187)
Vulnerability from cvelistv5 – Published: 2019-06-05 17:55 – Updated: 2024-08-04 21:38
Summary
ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190228 allows SSRF via the aggregate plugin. The impact also includes reading local files via file: URIs.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:38:46.560Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20190318 [SECURITY] [DLA 1716-1] ikiwiki security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00018.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ikiwiki.info/news/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://ikiwiki.info/news/version_3.20190228/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190228 allows SSRF via the aggregate plugin. The impact also includes reading local files via file: URIs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-17T19:49:41.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[debian-lts-announce] 20190318 [SECURITY] [DLA 1716-1] ikiwiki security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00018.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ikiwiki.info/news/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://ikiwiki.info/news/version_3.20190228/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9187",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190228 allows SSRF via the aggregate plugin. The impact also includes reading local files via file: URIs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20190318 [SECURITY] [DLA 1716-1] ikiwiki security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00018.html"
},
{
"name": "https://ikiwiki.info/news/",
"refsource": "MISC",
"url": "https://ikiwiki.info/news/"
},
{
"name": "https://ikiwiki.info/news/version_3.20190228/",
"refsource": "CONFIRM",
"url": "https://ikiwiki.info/news/version_3.20190228/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9187",
"datePublished": "2019-06-05T17:55:37.000Z",
"dateReserved": "2019-02-26T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:38:46.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ikiwiki:ikiwiki:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"3.20170111.1\", \"matchCriteriaId\": \"F5820F84-9B21-40D2-815C-881BE8DABCE1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ikiwiki:ikiwiki:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.20190207\", \"versionEndExcluding\": \"3.20190226\", \"matchCriteriaId\": \"B21D0888-267E-4FC9-B609-A988D73C1F0A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ikiwiki:ikiwiki:3.20180105:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B95F227E-BF5E-4221-9D74-0A5B4B123CE1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ikiwiki:ikiwiki:3.20180228:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"602AC6B3-B133-4C14-B39F-78E5D26B939D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ikiwiki:ikiwiki:3.20180311:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2D298889-62C1-4C38-A175-140D051E1A09\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190228 allows SSRF via the aggregate plugin. The impact also includes reading local files via file: URIs.\"}, {\"lang\": \"es\", \"value\": \"ikiwiki anterior a versi\\u00f3n 3.20170111.1 y versi\\u00f3n 3.2018x y versi\\u00f3n 3.2019x anterior a 3.20190228, permite SSRF por medio del plugin aggregate. El impacto tambi\\u00e9n incluye la lectura de archivos locales por medio de archivos: URIs.\"}]",
"id": "CVE-2019-9187",
"lastModified": "2024-11-21T04:51:10.110",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2019-06-05T18:29:01.183",
"references": "[{\"url\": \"https://ikiwiki.info/news/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://ikiwiki.info/news/version_3.20190228/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/03/msg00018.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://ikiwiki.info/news/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://ikiwiki.info/news/version_3.20190228/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/03/msg00018.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-918\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2019-9187\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-06-05T18:29:01.183\",\"lastModified\":\"2024-11-21T04:51:10.110\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190228 allows SSRF via the aggregate plugin. The impact also includes reading local files via file: URIs.\"},{\"lang\":\"es\",\"value\":\"ikiwiki anterior a versi\u00f3n 3.20170111.1 y versi\u00f3n 3.2018x y versi\u00f3n 3.2019x anterior a 3.20190228, permite SSRF por medio del plugin aggregate. El impacto tambi\u00e9n incluye la lectura de archivos locales por medio de archivos: URIs.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-918\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\"
:false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ikiwiki:ikiwiki:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.20170111.1\",\"matchCriteriaId\":\"F5820F84-9B21-40D2-815C-881BE8DABCE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ikiwiki:ikiwiki:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.20190207\",\"versionEndExcluding\":\"3.20190226\",\"matchCriteriaId\":\"B21D0888-267E-4FC9-B609-A988D73C1F0A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ikiwiki:ikiwiki:3.20180105:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B95F227E-BF5E-4221-9D74-0A5B4B123CE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ikiwiki:ikiwiki:3.20180228:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"602AC6B3-B133-4C14-B39F-78E5D26B939D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ikiwiki:ikiwiki:3.20180311:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D298889-62C1-4C38-A175-140D051E1A09\"}]}]}],\"references\":[{\"url\":\"https://ikiwiki.info/news/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://ikiwiki.info/news/version_3.20190228/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/03/msg00018.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://ikiwiki.info/news/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://ikiwiki.info/news/version_3.20190228/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/03/msg00018.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
GSD-2019-9187
Vulnerability from gsd - Updated: 2023-12-13 01:23
Details
ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190228 allows SSRF via the aggregate plugin. The impact also includes reading local files via file: URIs.
Aliases
{
"GSD": {
"alias": "CVE-2019-9187",
"description": "ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190228 allows SSRF via the aggregate plugin. The impact also includes reading local files via file: URIs.",
"id": "GSD-2019-9187",
"references": [
"https://www.suse.com/security/cve/CVE-2019-9187.html",
"https://www.debian.org/security/2019/dsa-4399",
"https://advisories.mageia.org/CVE-2019-9187.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-9187"
],
"details": "ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190228 allows SSRF via the aggregate plugin. The impact also includes reading local files via file: URIs.",
"id": "GSD-2019-9187",
"modified": "2023-12-13T01:23:47.374195Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9187",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190228 allows SSRF via the aggregate plugin. The impact also includes reading local files via file: URIs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20190318 [SECURITY] [DLA 1716-1] ikiwiki security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00018.html"
},
{
"name": "https://ikiwiki.info/news/",
"refsource": "MISC",
"url": "https://ikiwiki.info/news/"
},
{
"name": "https://ikiwiki.info/news/version_3.20190228/",
"refsource": "CONFIRM",
"url": "https://ikiwiki.info/news/version_3.20190228/"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ikiwiki:ikiwiki:3.20180228:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ikiwiki:ikiwiki:3.20180105:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ikiwiki:ikiwiki:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.20170111.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ikiwiki:ikiwiki:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.20190226",
"versionStartIncluding": "3.20190207",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ikiwiki:ikiwiki:3.20180311:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9187"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190228 allows SSRF via the aggregate plugin. The impact also includes reading local files via file: URIs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ikiwiki.info/news/",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://ikiwiki.info/news/"
},
{
"name": "https://ikiwiki.info/news/version_3.20190228/",
"refsource": "CONFIRM",
"tags": [],
"url": "https://ikiwiki.info/news/version_3.20190228/"
},
{
"name": "[debian-lts-announce] 20190318 [SECURITY] [DLA 1716-1] ikiwiki security update",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00018.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2019-07-17T20:15Z",
"publishedDate": "2019-06-05T18:29Z"
}
}
}
OPENSUSE-SU-2024:10860-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00
Summary
ikiwiki-3.20200202.3-2.7 on GA media
Severity
Moderate
Notes
Title of the patch: ikiwiki-3.20200202.3-2.7 on GA media
Description of the patch: These are all security issues fixed in the ikiwiki-3.20200202.3-2.7 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-10860
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
6.7 (Medium)
8.4 (High)
6.1 (Medium)
6.5 (Medium)
5.3 (Medium)
9.8 (Critical)
7.5 (High)
References
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "ikiwiki-3.20200202.3-2.7 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the ikiwiki-3.20200202.3-2.7 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10860",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10860-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-0169 page",
"url": "https://www.suse.com/security/cve/CVE-2008-0169/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2009-2944 page",
"url": "https://www.suse.com/security/cve/CVE-2009-2944/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2011-0428 page",
"url": "https://www.suse.com/security/cve/CVE-2011-0428/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2011-1401 page",
"url": "https://www.suse.com/security/cve/CVE-2011-1401/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2012-0220 page",
"url": "https://www.suse.com/security/cve/CVE-2012-0220/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-1572 page",
"url": "https://www.suse.com/security/cve/CVE-2014-1572/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-10026 page",
"url": "https://www.suse.com/security/cve/CVE-2016-10026/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-1238 page",
"url": "https://www.suse.com/security/cve/CVE-2016-1238/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-3714 page",
"url": "https://www.suse.com/security/cve/CVE-2016-3714/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-4561 page",
"url": "https://www.suse.com/security/cve/CVE-2016-4561/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9645 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9645/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9646 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9646/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-0356 page",
"url": "https://www.suse.com/security/cve/CVE-2017-0356/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9187 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9187/"
}
],
"title": "ikiwiki-3.20200202.3-2.7 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10860-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ikiwiki-3.20200202.3-2.7.aarch64",
"product": {
"name": "ikiwiki-3.20200202.3-2.7.aarch64",
"product_id": "ikiwiki-3.20200202.3-2.7.aarch64"
}
},
{
"category": "product_version",
"name": "ikiwiki-w3m-3.20200202.3-2.7.aarch64",
"product": {
"name": "ikiwiki-w3m-3.20200202.3-2.7.aarch64",
"product_id": "ikiwiki-w3m-3.20200202.3-2.7.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ikiwiki-3.20200202.3-2.7.ppc64le",
"product": {
"name": "ikiwiki-3.20200202.3-2.7.ppc64le",
"product_id": "ikiwiki-3.20200202.3-2.7.ppc64le"
}
},
{
"category": "product_version",
"name": "ikiwiki-w3m-3.20200202.3-2.7.ppc64le",
"product": {
"name": "ikiwiki-w3m-3.20200202.3-2.7.ppc64le",
"product_id": "ikiwiki-w3m-3.20200202.3-2.7.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ikiwiki-3.20200202.3-2.7.s390x",
"product": {
"name": "ikiwiki-3.20200202.3-2.7.s390x",
"product_id": "ikiwiki-3.20200202.3-2.7.s390x"
}
},
{
"category": "product_version",
"name": "ikiwiki-w3m-3.20200202.3-2.7.s390x",
"product": {
"name": "ikiwiki-w3m-3.20200202.3-2.7.s390x",
"product_id": "ikiwiki-w3m-3.20200202.3-2.7.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ikiwiki-3.20200202.3-2.7.x86_64",
"product": {
"name": "ikiwiki-3.20200202.3-2.7.x86_64",
"product_id": "ikiwiki-3.20200202.3-2.7.x86_64"
}
},
{
"category": "product_version",
"name": "ikiwiki-w3m-3.20200202.3-2.7.x86_64",
"product": {
"name": "ikiwiki-w3m-3.20200202.3-2.7.x86_64",
"product_id": "ikiwiki-w3m-3.20200202.3-2.7.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ikiwiki-3.20200202.3-2.7.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.aarch64"
},
"product_reference": "ikiwiki-3.20200202.3-2.7.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ikiwiki-3.20200202.3-2.7.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.ppc64le"
},
"product_reference": "ikiwiki-3.20200202.3-2.7.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ikiwiki-3.20200202.3-2.7.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.s390x"
},
"product_reference": "ikiwiki-3.20200202.3-2.7.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ikiwiki-3.20200202.3-2.7.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.x86_64"
},
"product_reference": "ikiwiki-3.20200202.3-2.7.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ikiwiki-w3m-3.20200202.3-2.7.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.aarch64"
},
"product_reference": "ikiwiki-w3m-3.20200202.3-2.7.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ikiwiki-w3m-3.20200202.3-2.7.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.ppc64le"
},
"product_reference": "ikiwiki-w3m-3.20200202.3-2.7.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ikiwiki-w3m-3.20200202.3-2.7.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.s390x"
},
"product_reference": "ikiwiki-w3m-3.20200202.3-2.7.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ikiwiki-w3m-3.20200202.3-2.7.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.x86_64"
},
"product_reference": "ikiwiki-w3m-3.20200202.3-2.7.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2008-0169",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-0169"
}
],
"notes": [
{
"category": "general",
"text": "Plugin/passwordauth.pm (aka the passwordauth plugin) in ikiwiki 1.34 through 2.47 allows remote attackers to bypass authentication, and login to any account for which an OpenID identity is configured and a password is not configured, by specifying an empty password during the login sequence.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.x86_64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-0169",
"url": "https://www.suse.com/security/cve/CVE-2008-0169"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.x86_64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2008-0169"
},
{
"cve": "CVE-2009-2944",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2009-2944"
}
],
"notes": [
{
"category": "general",
"text": "Incomplete blacklist vulnerability in the teximg plugin in ikiwiki before 3.1415926 and 2.x before 2.53.4 allows context-dependent attackers to read arbitrary files via crafted TeX commands.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.x86_64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2009-2944",
"url": "https://www.suse.com/security/cve/CVE-2009-2944"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.x86_64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2009-2944"
},
{
"cve": "CVE-2011-0428",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2011-0428"
}
],
"notes": [
{
"category": "general",
"text": "Cross Site Scripting (XSS) in ikiwiki before 3.20110122 could allow remote attackers to insert arbitrary JavaScript due to insufficient checking in comments.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.x86_64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2011-0428",
"url": "https://www.suse.com/security/cve/CVE-2011-0428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.x86_64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2011-0428"
},
{
"cve": "CVE-2011-1401",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2011-1401"
}
],
"notes": [
{
"category": "general",
"text": "ikiwiki before 3.20110328 does not ascertain whether the htmlscrubber plugin is enabled during processing of the \"meta stylesheet\" directive, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences in (1) the default stylesheet or (2) an alternate stylesheet.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.x86_64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2011-1401",
"url": "https://www.suse.com/security/cve/CVE-2011-1401"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.x86_64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2011-1401"
},
{
"cve": "CVE-2012-0220",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2012-0220"
}
],
"notes": [
{
"category": "general",
"text": "Multiple cross-site scripting (XSS) vulnerabilities in the meta plugin (Plugin/meta.pm) in ikiwiki before 3.20120516 allow remote attackers to inject arbitrary web script or HTML via the (1) author or (2) authorurl meta tags.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.x86_64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2012-0220",
"url": "https://www.suse.com/security/cve/CVE-2012-0220"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.x86_64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2012-0220"
},
{
"cve": "CVE-2014-1572",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-1572"
}
],
"notes": [
{
"category": "general",
"text": "The confirm_create_account function in the account-creation feature in token.cgi in Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 does not specify a scalar context for the realname parameter, which allows remote attackers to create accounts with unverified e-mail addresses by sending three realname values with realname=login_name as the second, as demonstrated by selecting an e-mail address with a domain name for which group privileges are automatically granted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.x86_64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-1572",
"url": "https://www.suse.com/security/cve/CVE-2014-1572"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.x86_64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2014-1572"
},
{
"cve": "CVE-2016-10026",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-10026"
}
],
"notes": [
{
"category": "general",
"text": "ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page before the revision was made.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.x86_64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-10026",
"url": "https://www.suse.com/security/cve/CVE-2016-10026"
},
{
"category": "external",
"summary": "SUSE Bug 1016606 for CVE-2016-10026",
"url": "https://bugzilla.suse.com/1016606"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.x86_64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.x86_64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2016-10026"
},
{
"cve": "CVE-2016-1238",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-1238"
}
],
"notes": [
{
"category": "general",
"text": "(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.x86_64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-1238",
"url": "https://www.suse.com/security/cve/CVE-2016-1238"
},
{
"category": "external",
"summary": "SUSE Bug 1108749 for CVE-2016-1238",
"url": "https://bugzilla.suse.com/1108749"
},
{
"category": "external",
"summary": "SUSE Bug 1123389 for CVE-2016-1238",
"url": "https://bugzilla.suse.com/1123389"
},
{
"category": "external",
"summary": "SUSE Bug 987887 for CVE-2016-1238",
"url": "https://bugzilla.suse.com/987887"
},
{
"category": "external",
"summary": "SUSE Bug 988311 for CVE-2016-1238",
"url": "https://bugzilla.suse.com/988311"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.x86_64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.x86_64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-1238"
},
{
"cve": "CVE-2016-3714",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-3714"
}
],
"notes": [
{
"category": "general",
"text": "The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka \"ImageTragick.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.x86_64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-3714",
"url": "https://www.suse.com/security/cve/CVE-2016-3714"
},
{
"category": "external",
"summary": "SUSE Bug 1000484 for CVE-2016-3714",
"url": "https://bugzilla.suse.com/1000484"
},
{
"category": "external",
"summary": "SUSE Bug 1057163 for CVE-2016-3714",
"url": "https://bugzilla.suse.com/1057163"
},
{
"category": "external",
"summary": "SUSE Bug 1105592 for CVE-2016-3714",
"url": "https://bugzilla.suse.com/1105592"
},
{
"category": "external",
"summary": "SUSE Bug 978061 for CVE-2016-3714",
"url": "https://bugzilla.suse.com/978061"
},
{
"category": "external",
"summary": "SUSE Bug 980401 for CVE-2016-3714",
"url": "https://bugzilla.suse.com/980401"
},
{
"category": "external",
"summary": "SUSE Bug 982178 for CVE-2016-3714",
"url": "https://bugzilla.suse.com/982178"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.x86_64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.x86_64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-3714"
},
{
"cve": "CVE-2016-4561",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-4561"
}
],
"notes": [
{
"category": "general",
"text": "Cross-site scripting (XSS) vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.x86_64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-4561",
"url": "https://www.suse.com/security/cve/CVE-2016-4561"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.x86_64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.x86_64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-4561"
},
{
"cve": "CVE-2016-9645",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9645"
}
],
"notes": [
{
"category": "general",
"text": "The fix for ikiwiki for CVE-2016-10026 was incomplete resulting in editing restriction bypass for git revert when using git versions older than 2.8.0. This has been fixed in 3.20161229.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.x86_64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9645",
"url": "https://www.suse.com/security/cve/CVE-2016-9645"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.x86_64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.x86_64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-9645"
},
{
"cve": "CVE-2016-9646",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9646"
}
],
"notes": [
{
"category": "general",
"text": "ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder-\u003efield method (similar to the CGI-\u003eparam API that led to Bugzilla\u0027s CVE-2014-1572), which can be abused to lead to commit metadata forgery.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.x86_64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9646",
"url": "https://www.suse.com/security/cve/CVE-2016-9646"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.x86_64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.x86_64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-9646"
},
{
"cve": "CVE-2017-0356",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-0356"
}
],
"notes": [
{
"category": "general",
"text": "A flaw, similar to to CVE-2016-9646, exists in ikiwiki before 3.20170111, in the passwordauth plugin\u0027s use of CGI::FormBuilder, allowing an attacker to bypass authentication via repeated parameters.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.x86_64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-0356",
"url": "https://www.suse.com/security/cve/CVE-2017-0356"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.x86_64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.x86_64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-0356"
},
{
"cve": "CVE-2019-9187",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9187"
}
],
"notes": [
{
"category": "general",
"text": "ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190228 allows SSRF via the aggregate plugin. The impact also includes reading local files via file: URIs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.x86_64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9187",
"url": "https://www.suse.com/security/cve/CVE-2019-9187"
},
{
"category": "external",
"summary": "SUSE Bug 1128085 for CVE-2019-9187",
"url": "https://bugzilla.suse.com/1128085"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.x86_64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-3.20200202.3-2.7.x86_64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.aarch64",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.ppc64le",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.s390x",
"openSUSE Tumbleweed:ikiwiki-w3m-3.20200202.3-2.7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-9187"
}
]
}
BDU:2020-03290
Vulnerability from fstec - Published: 10.02.2019
Title
Vulnerability in the Aggregate information-gathering plugin of the Ikiwiki wiki compiler that allows an attacker to gain unauthorized access to protected information
Description
The vulnerability in the Aggregate information-gathering plugin of the Ikiwiki wiki compiler is caused by server-side request forgery. Exploiting the vulnerability may allow a remote attacker to gain unauthorized access to protected information via file: URIs
Vendor
Free software community, Joey Hess
Software Name
Debian GNU/Linux, Ikiwiki
Software Version
8 (Debian GNU/Linux), before 3.20170111.1 (Ikiwiki), from 3.20190 to 3.20190228 (Ikiwiki), 3.20180 (Ikiwiki)
Possible Mitigations
Follow the recommendations:
For Ikiwiki:
https://ikiwiki.info/news/
https://ikiwiki.info/news/version_3.20190228/
For Debian GNU/Linux:
https://lists.debian.org/debian-lts-announce/2019/03/msg00018.html
Reference
https://ikiwiki.info/news/
https://ikiwiki.info/news/version_3.20190228/
https://lists.debian.org/debian-lts-announce/2019/03/msg00018.html
CWE
CWE-918
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Joey Hess",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "8 (Debian GNU/Linux), \u0434\u043e 3.20170111.1 (Ikiwiki), \u043e\u0442 3.20190 \u0434\u043e 3.20190228 (Ikiwiki), 3.20180 (Ikiwiki)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Ikiwiki:\nhttps://ikiwiki.info/news/\nhttps://ikiwiki.info/news/version_3.20190228/\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://lists.debian.org/debian-lts-announce/2019/03/msg00018.html",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "10.02.2019",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "15.07.2020",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "15.07.2020",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-03290",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-9187",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, Ikiwiki",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 ",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043b\u0430\u0433\u0438\u043d\u0430 \u0434\u043b\u044f \u0441\u0431\u043e\u0440\u0430 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 Aggregate plugin wiki-\u043a\u043e\u043c\u043f\u0438\u043b\u044f\u0442\u043e\u0440\u0430 Ikiwiki, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0421\u0435\u0440\u0432\u0435\u0440\u043d\u0430\u044f \u0444\u0430\u043b\u044c\u0441\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044f \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 (CWE-918)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043b\u0430\u0433\u0438\u043d\u0430 \u0434\u043b\u044f \u0441\u0431\u043e\u0440\u0430 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 Aggregate plugin wiki-\u043a\u043e\u043c\u043f\u0438\u043b\u044f\u0442\u043e\u0440\u0430 Ikiwiki\u00a0\u0432\u044b\u0437\u0432\u0430\u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u043d\u043e\u0439 \u0444\u0430\u043b\u044c\u0441\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0435\u0439 \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0447\u0435\u0440\u0435\u0437 \u0444\u0430\u0439\u043b: URI",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041f\u043e\u0434\u043c\u0435\u043d\u0430 \u043f\u0440\u0438 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://ikiwiki.info/news/ \nhttps://ikiwiki.info/news/version_3.20190228/\nhttps://lists.debian.org/debian-lts-announce/2019/03/msg00018.html",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-918",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}
FKIE_CVE-2019-9187
Vulnerability from fkie_nvd - Published: 2019-06-05 18:29 - Updated: 2024-11-21 04:51
Summary
ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190228 allows SSRF via the aggregate plugin. The impact also includes reading local files via file: URIs.
References
| Source | URL | Tags |
|---|---|---|
| cve@mitre.org | https://ikiwiki.info/news/ | Vendor Advisory |
| cve@mitre.org | https://ikiwiki.info/news/version_3.20190228/ | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2019/03/msg00018.html | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ikiwiki.info/news/ | Vendor Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://ikiwiki.info/news/version_3.20190228/ | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2019/03/msg00018.html | |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ikiwiki:ikiwiki:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5820F84-9B21-40D2-815C-881BE8DABCE1",
"versionEndExcluding": "3.20170111.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ikiwiki:ikiwiki:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B21D0888-267E-4FC9-B609-A988D73C1F0A",
"versionEndExcluding": "3.20190226",
"versionStartIncluding": "3.20190207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20180105:*:*:*:*:*:*:*",
"matchCriteriaId": "B95F227E-BF5E-4221-9D74-0A5B4B123CE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20180228:*:*:*:*:*:*:*",
"matchCriteriaId": "602AC6B3-B133-4C14-B39F-78E5D26B939D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20180311:*:*:*:*:*:*:*",
"matchCriteriaId": "2D298889-62C1-4C38-A175-140D051E1A09",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190228 allows SSRF via the aggregate plugin. The impact also includes reading local files via file: URIs."
},
{
"lang": "es",
"value": "ikiwiki anterior a versi\u00f3n 3.20170111.1 y versi\u00f3n 3.2018x y versi\u00f3n 3.2019x anterior a 3.20190228, permite SSRF por medio del plugin aggregate. El impacto tambi\u00e9n incluye la lectura de archivos locales por medio de archivos: URIs."
}
],
"id": "CVE-2019-9187",
"lastModified": "2024-11-21T04:51:10.110",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-05T18:29:01.183",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://ikiwiki.info/news/"
},
{
"source": "cve@mitre.org",
"url": "https://ikiwiki.info/news/version_3.20190228/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://ikiwiki.info/news/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://ikiwiki.info/news/version_3.20190228/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00018.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CNVD-2019-06161
Vulnerability from cnvd - Published: 2019-03-05
Title
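Ikiwiki server-side request forgery vulnerability
Description
Ikiwiki is an open-source wiki application.
Ikiwiki contains a server-side request forgery vulnerability that a remote attacker can exploit to disclose information or cause a denial of service.
Severity
Medium
Patch Name
Patch for the Ikiwiki server-side request forgery vulnerability
Patch Description
Ikiwiki is an open-source wiki application.
Ikiwiki contains a server-side request forgery vulnerability that a remote attacker can exploit to disclose information or cause a denial of service. The vendor has released a security advisory and related patch information that fix this vulnerability.
Formal description
The vendor has released a fix for the vulnerability; watch for updates: https://ikiwiki.info/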
Reference
http://www.debian.org/security/2019/dsa-4399
https://vigilance.fr/vulnerability/Ikiwiki-information-disclosure-via-Server-Side-Request-Forgery-28629
https://packetstormsecurity.com/files/151917/Debian-Security-Advisory-4399-1.html
https://www.auscert.org.au/bulletins/76282
Impacted products
| Name | Ikiwiki Ikiwiki |
|---|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2019-9187"
}
},
"description": "Ikiwiki\u662f\u4e00\u6b3e\u5f00\u6e90\u7684wiki\u5e94\u7528\u7a0b\u5e8f\u3002\n\nIkiwiki\u4e2d\u5b58\u5728\u670d\u52a1\u5668\u7aef\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6cc4\u9732\u4fe1\u606f\u6216\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
"discovererName": "Joey Hess",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://ikiwiki.info/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2019-06161",
"openTime": "2019-03-05",
"patchDescription": "Ikiwiki\u662f\u4e00\u6b3e\u5f00\u6e90\u7684wiki\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\nIkiwiki\u4e2d\u5b58\u5728\u670d\u52a1\u5668\u7aef\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6cc4\u9732\u4fe1\u606f\u6216\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Ikiwiki\u670d\u52a1\u5668\u7aef\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Ikiwiki Ikiwiki"
},
"referenceLink": "http://www.debian.org/security/2019/dsa-4399\r\nhttps://vigilance.fr/vulnerability/Ikiwiki-information-disclosure-via-Server-Side-Request-Forgery-28629\r\nhttps://packetstormsecurity.com/files/151917/Debian-Security-Advisory-4399-1.html\r\nhttps://www.auscert.org.au/bulletins/76282",
"serverity": "\u4e2d",
"submitTime": "2019-03-05",
"title": "Ikiwiki\u670d\u52a1\u5668\u7aef\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e"
}
GHSA-3H26-Q9XC-FJFF
Vulnerability from github – Published: 2022-05-24 16:47 – Updated: 2024-04-04 00:53
Details
ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190226 allows SSRF via the aggregate plugin. The impact also includes reading local files via file: URIs.
Severity
7.5 (High)
{
"affected": [],
"aliases": [
"CVE-2019-9187"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-06-05T18:29:00Z",
"severity": "HIGH"
},
"details": "ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190226 allows SSRF via the aggregate plugin. The impact also includes reading local files via file: URIs.",
"id": "GHSA-3h26-q9xc-fjff",
"modified": "2024-04-04T00:53:12Z",
"published": "2022-05-24T16:47:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9187"
},
{
"type": "WEB",
"url": "https://ikiwiki.info/news"
},
{
"type": "WEB",
"url": "https://ikiwiki.info/news/version_3.20190228"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00018.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.