Action not permitted
Modal body text goes here.
Modal Title
Modal Body
usn-7258-1
Vulnerability from osv_ubuntu
Kevin Backhouse discovered that CKEditor did not properly sanitize HTML content. An attacker could possibly use this issue to perform cross site scripting and obtain sensitive information. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-24728)
It was discovered that CKEditor did not properly handle the creation of editor instances in the Iframe Dialog and Media Embed packages. An attacker could possibly use this issue to perform cross site scripting and obtain sensitive information. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-28439)
It was discovered that CKEditor did not properly handle parsing HTML content. An attacker could possibly use this issue to perform cross site scripting and obtain sensitive information. (CVE-2024-24815, CVE-2024-24816)
It was discovered that CKEditor did not properly sanitize version notifications. An attacker could possibly use this issue to perform cross site scripting and obtain sensitive information. This issue only affected Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2024-43411)
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [],
"ecosystem": "Ubuntu:Pro:16.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "ckeditor",
"binary_version": "4.5.7+dfsg-2ubuntu0.16.04.1~esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "ckeditor",
"purl": "pkg:deb/ubuntu/ckeditor@4.5.7+dfsg-2ubuntu0.16.04.1~esm2?arch=source\u0026distro=esm-apps/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.5.7+dfsg-2ubuntu0.16.04.1~esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.4.4+dfsg1-3",
"4.5.6+dfsg-1",
"4.5.7+dfsg-1",
"4.5.7+dfsg-2",
"4.5.7+dfsg-2ubuntu0.16.04.1~esm1"
]
},
{
"database_specific": {
"cves_map": {
"cves": [],
"ecosystem": "Ubuntu:Pro:18.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "ckeditor",
"binary_version": "4.5.7+dfsg-2ubuntu0.18.04.1+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "ckeditor",
"purl": "pkg:deb/ubuntu/ckeditor@4.5.7+dfsg-2ubuntu0.18.04.1+esm1?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.5.7+dfsg-2ubuntu0.18.04.1+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.5.7+dfsg-2",
"4.5.7+dfsg-2ubuntu0.18.04.1"
]
},
{
"database_specific": {
"cves_map": {
"cves": [],
"ecosystem": "Ubuntu:Pro:20.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "ckeditor",
"binary_version": "4.12.1+dfsg-1ubuntu0.1+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "ckeditor",
"purl": "pkg:deb/ubuntu/ckeditor@4.12.1+dfsg-1ubuntu0.1+esm1?arch=source\u0026distro=esm-apps/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.12.1+dfsg-1ubuntu0.1+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.11.1+dfsg-1",
"4.12.1+dfsg-1",
"4.12.1+dfsg-1ubuntu0.1"
]
},
{
"database_specific": {
"cves_map": {
"cves": [],
"ecosystem": "Ubuntu:Pro:22.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "ckeditor",
"binary_version": "4.16.2+dfsg-1ubuntu0.1~esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:22.04:LTS",
"name": "ckeditor",
"purl": "pkg:deb/ubuntu/ckeditor@4.16.2+dfsg-1ubuntu0.1~esm1?arch=source\u0026distro=esm-apps/jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.16.2+dfsg-1ubuntu0.1~esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.16.0+dfsg-2",
"4.16.2+dfsg-1"
]
},
{
"database_specific": {
"cves_map": {
"cves": [],
"ecosystem": "Ubuntu:Pro:24.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "ckeditor",
"binary_version": "4.22.1+dfsg1-2ubuntu0.24.04.1~esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:24.04:LTS",
"name": "ckeditor",
"purl": "pkg:deb/ubuntu/ckeditor@4.22.1+dfsg1-2ubuntu0.24.04.1~esm1?arch=source\u0026distro=esm-apps/noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.22.1+dfsg1-2ubuntu0.24.04.1~esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.22.1+dfsg1-2"
]
}
],
"aliases": [],
"details": "Kevin Backhouse discovered that CKEditor did not properly sanitize HTML\ncontent. An attacker could possibly use this issue to perform cross site\nscripting and obtain sensitive information. This issue only affected\nUbuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.\n(CVE-2022-24728)\n\nIt was discovered that CKEditor did not properly handle the creation of\neditor instances in the Iframe Dialog and Media Embed packages. An\nattacker could possibly use this issue to perform cross site scripting\nand obtain sensitive information. This issue only affected\nUbuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.\n(CVE-2023-28439)\n\nIt was discovered that CKEditor did not properly handle parsing HTML\ncontent. An attacker could possibly use this issue to perform cross site\nscripting and obtain sensitive information.\n(CVE-2024-24815, CVE-2024-24816)\n\nIt was discovered that CKEditor did not properly sanitize version\nnotifications. An attacker could possibly use this issue to perform cross\nsite scripting and obtain sensitive information. This issue only affected\nUbuntu 24.04 LTS and Ubuntu 24.10. (CVE-2024-43411)\n",
"id": "USN-7258-1",
"modified": "2026-06-25T10:46:38Z",
"published": "2025-02-06T01:26:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7258-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-24728"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-28439"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-24815"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-24816"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-43411"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "ckeditor vulnerabilities",
"upstream": [
"UBUNTU-CVE-2022-24728",
"UBUNTU-CVE-2023-28439",
"UBUNTU-CVE-2024-24815",
"UBUNTU-CVE-2024-24816",
"UBUNTU-CVE-2024-43411"
]
}
ubuntu-cve-2022-24728
Vulnerability from osv_ubuntu
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. This problem has been patched in version 4.18.0. There are currently no known workarounds.
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ckeditor",
"binary_version": "4.5.7+dfsg-2ubuntu0.16.04.1~esm3"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "ckeditor",
"purl": "pkg:deb/ubuntu/ckeditor@4.5.7+dfsg-2ubuntu0.16.04.1~esm3?arch=source\u0026distro=esm-apps/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.4.4+dfsg1-3",
"4.5.6+dfsg-1",
"4.5.7+dfsg-1",
"4.5.7+dfsg-2",
"4.5.7+dfsg-2ubuntu0.16.04.1~esm1",
"4.5.7+dfsg-2ubuntu0.16.04.1~esm2",
"4.5.7+dfsg-2ubuntu0.16.04.1~esm3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ldap-account-manager",
"binary_version": "5.2-1ubuntu1"
},
{
"binary_name": "ldap-account-manager-lamdaemon",
"binary_version": "5.2-1ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "ldap-account-manager",
"purl": "pkg:deb/ubuntu/ldap-account-manager@5.2-1ubuntu1?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.9-1",
"5.1-1",
"5.2-1",
"5.2-1ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "request-tracker4",
"binary_version": "4.2.12-5"
},
{
"binary_name": "rt4-apache2",
"binary_version": "4.2.12-5"
},
{
"binary_name": "rt4-clients",
"binary_version": "4.2.12-5"
},
{
"binary_name": "rt4-db-mysql",
"binary_version": "4.2.12-5"
},
{
"binary_name": "rt4-db-postgresql",
"binary_version": "4.2.12-5"
},
{
"binary_name": "rt4-db-sqlite",
"binary_version": "4.2.12-5"
},
{
"binary_name": "rt4-doc-html",
"binary_version": "4.2.12-5"
},
{
"binary_name": "rt4-fcgi",
"binary_version": "4.2.12-5"
},
{
"binary_name": "rt4-standalone",
"binary_version": "4.2.12-5"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "request-tracker4",
"purl": "pkg:deb/ubuntu/request-tracker4@4.2.12-5?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.2.11-2",
"4.2.12-3",
"4.2.12-4",
"4.2.12-5"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ckeditor",
"binary_version": "4.5.7+dfsg-2ubuntu0.18.04.1+esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "ckeditor",
"purl": "pkg:deb/ubuntu/ckeditor@4.5.7+dfsg-2ubuntu0.18.04.1+esm2?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.5.7+dfsg-2",
"4.5.7+dfsg-2ubuntu0.18.04.1",
"4.5.7+dfsg-2ubuntu0.18.04.1+esm1",
"4.5.7+dfsg-2ubuntu0.18.04.1+esm2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ckeditor3",
"binary_version": "3.6.6.1+dfsg-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "ckeditor3",
"purl": "pkg:deb/ubuntu/ckeditor3@3.6.6.1+dfsg-1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.6.6.1+dfsg-1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ldap-account-manager",
"binary_version": "6.2-1"
},
{
"binary_name": "ldap-account-manager-lamdaemon",
"binary_version": "6.2-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "ldap-account-manager",
"purl": "pkg:deb/ubuntu/ldap-account-manager@6.2-1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"5.7-1",
"6.1-1",
"6.2-1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "request-tracker4",
"binary_version": "4.4.2-2ubuntu0.1~esm1"
},
{
"binary_name": "rt4-apache2",
"binary_version": "4.4.2-2ubuntu0.1~esm1"
},
{
"binary_name": "rt4-clients",
"binary_version": "4.4.2-2ubuntu0.1~esm1"
},
{
"binary_name": "rt4-db-mysql",
"binary_version": "4.4.2-2ubuntu0.1~esm1"
},
{
"binary_name": "rt4-db-postgresql",
"binary_version": "4.4.2-2ubuntu0.1~esm1"
},
{
"binary_name": "rt4-db-sqlite",
"binary_version": "4.4.2-2ubuntu0.1~esm1"
},
{
"binary_name": "rt4-doc-html",
"binary_version": "4.4.2-2ubuntu0.1~esm1"
},
{
"binary_name": "rt4-fcgi",
"binary_version": "4.4.2-2ubuntu0.1~esm1"
},
{
"binary_name": "rt4-standalone",
"binary_version": "4.4.2-2ubuntu0.1~esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "request-tracker4",
"purl": "pkg:deb/ubuntu/request-tracker4@4.4.2-2ubuntu0.1~esm1?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.4.1-5",
"4.4.2-1",
"4.4.2-2",
"4.4.2-2ubuntu0.1~esm1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ckeditor",
"binary_version": "4.12.1+dfsg-1ubuntu0.1+esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "ckeditor",
"purl": "pkg:deb/ubuntu/ckeditor@4.12.1+dfsg-1ubuntu0.1+esm2?arch=source\u0026distro=esm-apps/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.11.1+dfsg-1",
"4.12.1+dfsg-1",
"4.12.1+dfsg-1ubuntu0.1",
"4.12.1+dfsg-1ubuntu0.1+esm1",
"4.12.1+dfsg-1ubuntu0.1+esm2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ckeditor3",
"binary_version": "3.6.6.1+dfsg-4"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "ckeditor3",
"purl": "pkg:deb/ubuntu/ckeditor3@3.6.6.1+dfsg-4?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.6.6.1+dfsg-3",
"3.6.6.1+dfsg-4"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ldap-account-manager",
"binary_version": "6.7-1"
},
{
"binary_name": "ldap-account-manager-lamdaemon",
"binary_version": "6.7-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "ldap-account-manager",
"purl": "pkg:deb/ubuntu/ldap-account-manager@6.7-1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"6.7-1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "request-tracker4",
"binary_version": "4.4.3-2+deb10u3build0.20.04.1"
},
{
"binary_name": "rt4-apache2",
"binary_version": "4.4.3-2+deb10u3build0.20.04.1"
},
{
"binary_name": "rt4-clients",
"binary_version": "4.4.3-2+deb10u3build0.20.04.1"
},
{
"binary_name": "rt4-db-mysql",
"binary_version": "4.4.3-2+deb10u3build0.20.04.1"
},
{
"binary_name": "rt4-db-postgresql",
"binary_version": "4.4.3-2+deb10u3build0.20.04.1"
},
{
"binary_name": "rt4-db-sqlite",
"binary_version": "4.4.3-2+deb10u3build0.20.04.1"
},
{
"binary_name": "rt4-doc-html",
"binary_version": "4.4.3-2+deb10u3build0.20.04.1"
},
{
"binary_name": "rt4-fcgi",
"binary_version": "4.4.3-2+deb10u3build0.20.04.1"
},
{
"binary_name": "rt4-standalone",
"binary_version": "4.4.3-2+deb10u3build0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "request-tracker4",
"purl": "pkg:deb/ubuntu/request-tracker4@4.4.3-2+deb10u3build0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.4.3-2",
"4.4.3-2+deb10u3build0.20.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ckeditor3",
"binary_version": "3.6.6.1+dfsg-7"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "ckeditor3",
"purl": "pkg:deb/ubuntu/ckeditor3@3.6.6.1+dfsg-7?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.6.6.1+dfsg-7"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ldap-account-manager",
"binary_version": "7.7-1"
},
{
"binary_name": "ldap-account-manager-lamdaemon",
"binary_version": "7.7-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "ldap-account-manager",
"purl": "pkg:deb/ubuntu/ldap-account-manager@7.7-1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"7.5-1",
"7.7-1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "request-tracker4",
"binary_version": "4.4.4+dfsg-2ubuntu1.22.04.1"
},
{
"binary_name": "rt4-apache2",
"binary_version": "4.4.4+dfsg-2ubuntu1.22.04.1"
},
{
"binary_name": "rt4-clients",
"binary_version": "4.4.4+dfsg-2ubuntu1.22.04.1"
},
{
"binary_name": "rt4-db-mysql",
"binary_version": "4.4.4+dfsg-2ubuntu1.22.04.1"
},
{
"binary_name": "rt4-db-postgresql",
"binary_version": "4.4.4+dfsg-2ubuntu1.22.04.1"
},
{
"binary_name": "rt4-db-sqlite",
"binary_version": "4.4.4+dfsg-2ubuntu1.22.04.1"
},
{
"binary_name": "rt4-doc-html",
"binary_version": "4.4.4+dfsg-2ubuntu1.22.04.1"
},
{
"binary_name": "rt4-fcgi",
"binary_version": "4.4.4+dfsg-2ubuntu1.22.04.1"
},
{
"binary_name": "rt4-standalone",
"binary_version": "4.4.4+dfsg-2ubuntu1.22.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "request-tracker4",
"purl": "pkg:deb/ubuntu/request-tracker4@4.4.4+dfsg-2ubuntu1.22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.4.4+dfsg-2ubuntu1",
"4.4.4+dfsg-2ubuntu1.22.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ckeditor",
"binary_version": "4.16.2+dfsg-1ubuntu0.1~esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:22.04:LTS",
"name": "ckeditor",
"purl": "pkg:deb/ubuntu/ckeditor@4.16.2+dfsg-1ubuntu0.1~esm2?arch=source\u0026distro=esm-apps/jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.16.0+dfsg-2",
"4.16.2+dfsg-1",
"4.16.2+dfsg-1ubuntu0.1~esm1",
"4.16.2+dfsg-1ubuntu0.1~esm2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ckeditor3",
"binary_version": "3.6.6.1+dfsg-7"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "ckeditor3",
"purl": "pkg:deb/ubuntu/ckeditor3@3.6.6.1+dfsg-7?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.6.6.1+dfsg-7"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ldap-account-manager",
"binary_version": "8.5-1"
},
{
"binary_name": "ldap-account-manager-lamdaemon",
"binary_version": "8.5-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "ldap-account-manager",
"purl": "pkg:deb/ubuntu/ldap-account-manager@8.5-1?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"8.3-1",
"8.5-1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "request-tracker4",
"binary_version": "4.4.7+dfsg-1"
},
{
"binary_name": "rt4-apache2",
"binary_version": "4.4.7+dfsg-1"
},
{
"binary_name": "rt4-clients",
"binary_version": "4.4.7+dfsg-1"
},
{
"binary_name": "rt4-db-mysql",
"binary_version": "4.4.7+dfsg-1"
},
{
"binary_name": "rt4-db-postgresql",
"binary_version": "4.4.7+dfsg-1"
},
{
"binary_name": "rt4-db-sqlite",
"binary_version": "4.4.7+dfsg-1"
},
{
"binary_name": "rt4-doc-html",
"binary_version": "4.4.7+dfsg-1"
},
{
"binary_name": "rt4-fcgi",
"binary_version": "4.4.7+dfsg-1"
},
{
"binary_name": "rt4-standalone",
"binary_version": "4.4.7+dfsg-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "request-tracker4",
"purl": "pkg:deb/ubuntu/request-tracker4@4.4.7+dfsg-1?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.4.4+dfsg-2ubuntu1",
"4.4.4+dfsg-2ubuntu2",
"4.4.7+dfsg-1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ldap-account-manager",
"binary_version": "9.0-1"
},
{
"binary_name": "ldap-account-manager-lamdaemon",
"binary_version": "9.0-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "ldap-account-manager",
"purl": "pkg:deb/ubuntu/ldap-account-manager@9.0-1?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"9.0-1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "request-tracker4",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-apache2",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-clients",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-db-mysql",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-db-postgresql",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-db-sqlite",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-doc-html",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-fcgi",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-standalone",
"binary_version": "4.4.7+dfsg-4syncable1"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "request-tracker4",
"purl": "pkg:deb/ubuntu/request-tracker4@4.4.7+dfsg-4syncable1?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.4.7+dfsg-4syncable1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ldap-account-manager",
"binary_version": "9.0-1build1"
},
{
"binary_name": "ldap-account-manager-lamdaemon",
"binary_version": "9.0-1build1"
}
]
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "ldap-account-manager",
"purl": "pkg:deb/ubuntu/ldap-account-manager@9.0-1build1?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"9.0-1",
"9.0-1build1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "request-tracker4",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-apache2",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-clients",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-db-mysql",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-db-postgresql",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-db-sqlite",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-doc-html",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-fcgi",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-standalone",
"binary_version": "4.4.7+dfsg-4syncable1"
}
]
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "request-tracker4",
"purl": "pkg:deb/ubuntu/request-tracker4@4.4.7+dfsg-4syncable1?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.4.7+dfsg-4syncable1"
]
}
],
"aliases": [],
"details": "CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. This problem has been patched in version 4.18.0. There are currently no known workarounds.",
"id": "UBUNTU-CVE-2022-24728",
"modified": "2026-05-20T14:55:51Z",
"published": "2022-03-16T16:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-24728"
},
{
"type": "REPORT",
"url": "https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-4fc4-4p5g-6w89"
},
{
"type": "REPORT",
"url": "https://github.com/ckeditor/ckeditor4/commit/d158413449692d920a778503502dcb22881bc949"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24728"
}
],
"related": [],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2022-24728"
]
}
ubuntu-cve-2023-28439
Vulnerability from osv_ubuntu
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger a JavaScript code after fulfilling special conditions: using one of the affected packages on a web page with missing proper Content Security Policy configuration; initializing the editor on an element and using an element other than <textarea> as a base; and destroying the editor instance. This vulnerability might affect a small percentage of integrators that depend on dynamic editor initialization/destroy mechanism. A fix is available in CKEditor4 version 4.21.0. In some rare cases, a security fix may be considered a breaking change. Starting from version 4.21.0, the Iframe Dialog plugin applies the sandbox attribute by default, which restricts JavaScript code execution in the iframe element. To change this behavior, configure the config.iframe_attributes option. Also starting from version 4.21.0, the Media Embed plugin regenerates the entire content of the embed widget by default. To change this behavior, configure the config.embed_keepOriginalContent option. Those who choose to enable either of the more permissive options or who cannot upgrade to a patched version should properly configure Content Security Policy to avoid any potential security issues that may arise from embedding iframe elements on their web page.
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ckeditor",
"binary_version": "4.5.7+dfsg-2ubuntu0.16.04.1~esm3"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "ckeditor",
"purl": "pkg:deb/ubuntu/ckeditor@4.5.7+dfsg-2ubuntu0.16.04.1~esm3?arch=source\u0026distro=esm-apps/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.4.4+dfsg1-3",
"4.5.6+dfsg-1",
"4.5.7+dfsg-1",
"4.5.7+dfsg-2",
"4.5.7+dfsg-2ubuntu0.16.04.1~esm1",
"4.5.7+dfsg-2ubuntu0.16.04.1~esm2",
"4.5.7+dfsg-2ubuntu0.16.04.1~esm3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ldap-account-manager",
"binary_version": "5.2-1ubuntu1"
},
{
"binary_name": "ldap-account-manager-lamdaemon",
"binary_version": "5.2-1ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "ldap-account-manager",
"purl": "pkg:deb/ubuntu/ldap-account-manager@5.2-1ubuntu1?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.9-1",
"5.1-1",
"5.2-1",
"5.2-1ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "request-tracker4",
"binary_version": "4.2.12-5"
},
{
"binary_name": "rt4-apache2",
"binary_version": "4.2.12-5"
},
{
"binary_name": "rt4-clients",
"binary_version": "4.2.12-5"
},
{
"binary_name": "rt4-db-mysql",
"binary_version": "4.2.12-5"
},
{
"binary_name": "rt4-db-postgresql",
"binary_version": "4.2.12-5"
},
{
"binary_name": "rt4-db-sqlite",
"binary_version": "4.2.12-5"
},
{
"binary_name": "rt4-doc-html",
"binary_version": "4.2.12-5"
},
{
"binary_name": "rt4-fcgi",
"binary_version": "4.2.12-5"
},
{
"binary_name": "rt4-standalone",
"binary_version": "4.2.12-5"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "request-tracker4",
"purl": "pkg:deb/ubuntu/request-tracker4@4.2.12-5?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.2.11-2",
"4.2.12-3",
"4.2.12-4",
"4.2.12-5"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ckeditor",
"binary_version": "4.5.7+dfsg-2ubuntu0.18.04.1+esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "ckeditor",
"purl": "pkg:deb/ubuntu/ckeditor@4.5.7+dfsg-2ubuntu0.18.04.1+esm2?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.5.7+dfsg-2",
"4.5.7+dfsg-2ubuntu0.18.04.1",
"4.5.7+dfsg-2ubuntu0.18.04.1+esm1",
"4.5.7+dfsg-2ubuntu0.18.04.1+esm2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ckeditor3",
"binary_version": "3.6.6.1+dfsg-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "ckeditor3",
"purl": "pkg:deb/ubuntu/ckeditor3@3.6.6.1+dfsg-1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.6.6.1+dfsg-1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ldap-account-manager",
"binary_version": "6.2-1"
},
{
"binary_name": "ldap-account-manager-lamdaemon",
"binary_version": "6.2-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "ldap-account-manager",
"purl": "pkg:deb/ubuntu/ldap-account-manager@6.2-1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"5.7-1",
"6.1-1",
"6.2-1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "request-tracker4",
"binary_version": "4.4.2-2ubuntu0.1~esm1"
},
{
"binary_name": "rt4-apache2",
"binary_version": "4.4.2-2ubuntu0.1~esm1"
},
{
"binary_name": "rt4-clients",
"binary_version": "4.4.2-2ubuntu0.1~esm1"
},
{
"binary_name": "rt4-db-mysql",
"binary_version": "4.4.2-2ubuntu0.1~esm1"
},
{
"binary_name": "rt4-db-postgresql",
"binary_version": "4.4.2-2ubuntu0.1~esm1"
},
{
"binary_name": "rt4-db-sqlite",
"binary_version": "4.4.2-2ubuntu0.1~esm1"
},
{
"binary_name": "rt4-doc-html",
"binary_version": "4.4.2-2ubuntu0.1~esm1"
},
{
"binary_name": "rt4-fcgi",
"binary_version": "4.4.2-2ubuntu0.1~esm1"
},
{
"binary_name": "rt4-standalone",
"binary_version": "4.4.2-2ubuntu0.1~esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "request-tracker4",
"purl": "pkg:deb/ubuntu/request-tracker4@4.4.2-2ubuntu0.1~esm1?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.4.1-5",
"4.4.2-1",
"4.4.2-2",
"4.4.2-2ubuntu0.1~esm1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ckeditor",
"binary_version": "4.12.1+dfsg-1ubuntu0.1+esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "ckeditor",
"purl": "pkg:deb/ubuntu/ckeditor@4.12.1+dfsg-1ubuntu0.1+esm2?arch=source\u0026distro=esm-apps/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.11.1+dfsg-1",
"4.12.1+dfsg-1",
"4.12.1+dfsg-1ubuntu0.1",
"4.12.1+dfsg-1ubuntu0.1+esm1",
"4.12.1+dfsg-1ubuntu0.1+esm2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ckeditor3",
"binary_version": "3.6.6.1+dfsg-4"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "ckeditor3",
"purl": "pkg:deb/ubuntu/ckeditor3@3.6.6.1+dfsg-4?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.6.6.1+dfsg-3",
"3.6.6.1+dfsg-4"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ldap-account-manager",
"binary_version": "6.7-1"
},
{
"binary_name": "ldap-account-manager-lamdaemon",
"binary_version": "6.7-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "ldap-account-manager",
"purl": "pkg:deb/ubuntu/ldap-account-manager@6.7-1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"6.7-1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "request-tracker4",
"binary_version": "4.4.3-2+deb10u3build0.20.04.1"
},
{
"binary_name": "rt4-apache2",
"binary_version": "4.4.3-2+deb10u3build0.20.04.1"
},
{
"binary_name": "rt4-clients",
"binary_version": "4.4.3-2+deb10u3build0.20.04.1"
},
{
"binary_name": "rt4-db-mysql",
"binary_version": "4.4.3-2+deb10u3build0.20.04.1"
},
{
"binary_name": "rt4-db-postgresql",
"binary_version": "4.4.3-2+deb10u3build0.20.04.1"
},
{
"binary_name": "rt4-db-sqlite",
"binary_version": "4.4.3-2+deb10u3build0.20.04.1"
},
{
"binary_name": "rt4-doc-html",
"binary_version": "4.4.3-2+deb10u3build0.20.04.1"
},
{
"binary_name": "rt4-fcgi",
"binary_version": "4.4.3-2+deb10u3build0.20.04.1"
},
{
"binary_name": "rt4-standalone",
"binary_version": "4.4.3-2+deb10u3build0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "request-tracker4",
"purl": "pkg:deb/ubuntu/request-tracker4@4.4.3-2+deb10u3build0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.4.3-2",
"4.4.3-2+deb10u3build0.20.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ckeditor3",
"binary_version": "3.6.6.1+dfsg-7"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "ckeditor3",
"purl": "pkg:deb/ubuntu/ckeditor3@3.6.6.1+dfsg-7?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.6.6.1+dfsg-7"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ldap-account-manager",
"binary_version": "7.7-1"
},
{
"binary_name": "ldap-account-manager-lamdaemon",
"binary_version": "7.7-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "ldap-account-manager",
"purl": "pkg:deb/ubuntu/ldap-account-manager@7.7-1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"7.5-1",
"7.7-1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "request-tracker4",
"binary_version": "4.4.4+dfsg-2ubuntu1.22.04.1"
},
{
"binary_name": "rt4-apache2",
"binary_version": "4.4.4+dfsg-2ubuntu1.22.04.1"
},
{
"binary_name": "rt4-clients",
"binary_version": "4.4.4+dfsg-2ubuntu1.22.04.1"
},
{
"binary_name": "rt4-db-mysql",
"binary_version": "4.4.4+dfsg-2ubuntu1.22.04.1"
},
{
"binary_name": "rt4-db-postgresql",
"binary_version": "4.4.4+dfsg-2ubuntu1.22.04.1"
},
{
"binary_name": "rt4-db-sqlite",
"binary_version": "4.4.4+dfsg-2ubuntu1.22.04.1"
},
{
"binary_name": "rt4-doc-html",
"binary_version": "4.4.4+dfsg-2ubuntu1.22.04.1"
},
{
"binary_name": "rt4-fcgi",
"binary_version": "4.4.4+dfsg-2ubuntu1.22.04.1"
},
{
"binary_name": "rt4-standalone",
"binary_version": "4.4.4+dfsg-2ubuntu1.22.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "request-tracker4",
"purl": "pkg:deb/ubuntu/request-tracker4@4.4.4+dfsg-2ubuntu1.22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.4.4+dfsg-2ubuntu1",
"4.4.4+dfsg-2ubuntu1.22.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ckeditor",
"binary_version": "4.16.2+dfsg-1ubuntu0.1~esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:22.04:LTS",
"name": "ckeditor",
"purl": "pkg:deb/ubuntu/ckeditor@4.16.2+dfsg-1ubuntu0.1~esm2?arch=source\u0026distro=esm-apps/jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.16.0+dfsg-2",
"4.16.2+dfsg-1",
"4.16.2+dfsg-1ubuntu0.1~esm1",
"4.16.2+dfsg-1ubuntu0.1~esm2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ckeditor3",
"binary_version": "3.6.6.1+dfsg-7"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "ckeditor3",
"purl": "pkg:deb/ubuntu/ckeditor3@3.6.6.1+dfsg-7?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.6.6.1+dfsg-7"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ldap-account-manager",
"binary_version": "8.5-1"
},
{
"binary_name": "ldap-account-manager-lamdaemon",
"binary_version": "8.5-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "ldap-account-manager",
"purl": "pkg:deb/ubuntu/ldap-account-manager@8.5-1?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"8.3-1",
"8.5-1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "request-tracker4",
"binary_version": "4.4.7+dfsg-1"
},
{
"binary_name": "rt4-apache2",
"binary_version": "4.4.7+dfsg-1"
},
{
"binary_name": "rt4-clients",
"binary_version": "4.4.7+dfsg-1"
},
{
"binary_name": "rt4-db-mysql",
"binary_version": "4.4.7+dfsg-1"
},
{
"binary_name": "rt4-db-postgresql",
"binary_version": "4.4.7+dfsg-1"
},
{
"binary_name": "rt4-db-sqlite",
"binary_version": "4.4.7+dfsg-1"
},
{
"binary_name": "rt4-doc-html",
"binary_version": "4.4.7+dfsg-1"
},
{
"binary_name": "rt4-fcgi",
"binary_version": "4.4.7+dfsg-1"
},
{
"binary_name": "rt4-standalone",
"binary_version": "4.4.7+dfsg-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "request-tracker4",
"purl": "pkg:deb/ubuntu/request-tracker4@4.4.7+dfsg-1?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.4.4+dfsg-2ubuntu1",
"4.4.4+dfsg-2ubuntu2",
"4.4.7+dfsg-1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ldap-account-manager",
"binary_version": "9.0-1"
},
{
"binary_name": "ldap-account-manager-lamdaemon",
"binary_version": "9.0-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "ldap-account-manager",
"purl": "pkg:deb/ubuntu/ldap-account-manager@9.0-1?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"9.0-1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "request-tracker4",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-apache2",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-clients",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-db-mysql",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-db-postgresql",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-db-sqlite",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-doc-html",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-fcgi",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-standalone",
"binary_version": "4.4.7+dfsg-4syncable1"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "request-tracker4",
"purl": "pkg:deb/ubuntu/request-tracker4@4.4.7+dfsg-4syncable1?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.4.7+dfsg-4syncable1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ldap-account-manager",
"binary_version": "9.0-1build1"
},
{
"binary_name": "ldap-account-manager-lamdaemon",
"binary_version": "9.0-1build1"
}
]
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "ldap-account-manager",
"purl": "pkg:deb/ubuntu/ldap-account-manager@9.0-1build1?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"9.0-1",
"9.0-1build1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "request-tracker4",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-apache2",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-clients",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-db-mysql",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-db-postgresql",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-db-sqlite",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-doc-html",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-fcgi",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-standalone",
"binary_version": "4.4.7+dfsg-4syncable1"
}
]
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "request-tracker4",
"purl": "pkg:deb/ubuntu/request-tracker4@4.4.7+dfsg-4syncable1?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.4.7+dfsg-4syncable1"
]
}
],
"aliases": [],
"details": "CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger a JavaScript code after fulfilling special conditions: using one of the affected packages on a web page with missing proper Content Security Policy configuration; initializing the editor on an element and using an element other than `\u003ctextarea\u003e` as a base; and destroying the editor instance. This vulnerability might affect a small percentage of integrators that depend on dynamic editor initialization/destroy mechanism. A fix is available in CKEditor4 version 4.21.0. In some rare cases, a security fix may be considered a breaking change. Starting from version 4.21.0, the Iframe Dialog plugin applies the `sandbox` attribute by default, which restricts JavaScript code execution in the iframe element. To change this behavior, configure the `config.iframe_attributes` option. Also starting from version 4.21.0, the Media Embed plugin regenerates the entire content of the embed widget by default. To change this behavior, configure the `config.embed_keepOriginalContent` option. Those who choose to enable either of the more permissive options or who cannot upgrade to a patched version should properly configure Content Security Policy to avoid any potential security issues that may arise from embedding iframe elements on their web page.",
"id": "UBUNTU-CVE-2023-28439",
"modified": "2026-05-20T15:02:33Z",
"published": "2023-03-22T21:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-28439"
},
{
"type": "REPORT",
"url": "https://ckeditor.com/cke4/addon/iframe"
},
{
"type": "REPORT",
"url": "https://ckeditor.com/cke4/addon/embed"
},
{
"type": "REPORT",
"url": "https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-vh5c-xwqv-cv9g"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28439"
}
],
"related": [],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2023-28439"
]
}
ubuntu-cve-2024-24815
Vulnerability from osv_ubuntu
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in the core HTML parsing module in versions of CKEditor4 prior to 4.24.0-lts. It may affect all editor instances that enabled full-page editing mode or enabled CDATA elements in Advanced Content Filtering configuration (defaults to script and style elements). The vulnerability allows attackers to inject malformed HTML content bypassing Advanced Content Filtering mechanism, which could result in executing JavaScript code. An attacker could abuse faulty CDATA content detection and use it to prepare an intentional attack on the editor. A fix is available in version 4.24.0-lts.
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ckeditor",
"binary_version": "4.5.7+dfsg-2ubuntu0.16.04.1~esm3"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "ckeditor",
"purl": "pkg:deb/ubuntu/ckeditor@4.5.7+dfsg-2ubuntu0.16.04.1~esm3?arch=source\u0026distro=esm-apps/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.4.4+dfsg1-3",
"4.5.6+dfsg-1",
"4.5.7+dfsg-1",
"4.5.7+dfsg-2",
"4.5.7+dfsg-2ubuntu0.16.04.1~esm1",
"4.5.7+dfsg-2ubuntu0.16.04.1~esm2",
"4.5.7+dfsg-2ubuntu0.16.04.1~esm3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ldap-account-manager",
"binary_version": "5.2-1ubuntu1"
},
{
"binary_name": "ldap-account-manager-lamdaemon",
"binary_version": "5.2-1ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "ldap-account-manager",
"purl": "pkg:deb/ubuntu/ldap-account-manager@5.2-1ubuntu1?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.9-1",
"5.1-1",
"5.2-1",
"5.2-1ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "request-tracker4",
"binary_version": "4.2.12-5"
},
{
"binary_name": "rt4-apache2",
"binary_version": "4.2.12-5"
},
{
"binary_name": "rt4-clients",
"binary_version": "4.2.12-5"
},
{
"binary_name": "rt4-db-mysql",
"binary_version": "4.2.12-5"
},
{
"binary_name": "rt4-db-postgresql",
"binary_version": "4.2.12-5"
},
{
"binary_name": "rt4-db-sqlite",
"binary_version": "4.2.12-5"
},
{
"binary_name": "rt4-doc-html",
"binary_version": "4.2.12-5"
},
{
"binary_name": "rt4-fcgi",
"binary_version": "4.2.12-5"
},
{
"binary_name": "rt4-standalone",
"binary_version": "4.2.12-5"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "request-tracker4",
"purl": "pkg:deb/ubuntu/request-tracker4@4.2.12-5?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.2.11-2",
"4.2.12-3",
"4.2.12-4",
"4.2.12-5"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ckeditor",
"binary_version": "4.5.7+dfsg-2ubuntu0.18.04.1+esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "ckeditor",
"purl": "pkg:deb/ubuntu/ckeditor@4.5.7+dfsg-2ubuntu0.18.04.1+esm2?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.5.7+dfsg-2",
"4.5.7+dfsg-2ubuntu0.18.04.1",
"4.5.7+dfsg-2ubuntu0.18.04.1+esm1",
"4.5.7+dfsg-2ubuntu0.18.04.1+esm2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ckeditor3",
"binary_version": "3.6.6.1+dfsg-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "ckeditor3",
"purl": "pkg:deb/ubuntu/ckeditor3@3.6.6.1+dfsg-1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.6.6.1+dfsg-1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ldap-account-manager",
"binary_version": "6.2-1"
},
{
"binary_name": "ldap-account-manager-lamdaemon",
"binary_version": "6.2-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "ldap-account-manager",
"purl": "pkg:deb/ubuntu/ldap-account-manager@6.2-1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"5.7-1",
"6.1-1",
"6.2-1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "request-tracker4",
"binary_version": "4.4.2-2ubuntu0.1~esm1"
},
{
"binary_name": "rt4-apache2",
"binary_version": "4.4.2-2ubuntu0.1~esm1"
},
{
"binary_name": "rt4-clients",
"binary_version": "4.4.2-2ubuntu0.1~esm1"
},
{
"binary_name": "rt4-db-mysql",
"binary_version": "4.4.2-2ubuntu0.1~esm1"
},
{
"binary_name": "rt4-db-postgresql",
"binary_version": "4.4.2-2ubuntu0.1~esm1"
},
{
"binary_name": "rt4-db-sqlite",
"binary_version": "4.4.2-2ubuntu0.1~esm1"
},
{
"binary_name": "rt4-doc-html",
"binary_version": "4.4.2-2ubuntu0.1~esm1"
},
{
"binary_name": "rt4-fcgi",
"binary_version": "4.4.2-2ubuntu0.1~esm1"
},
{
"binary_name": "rt4-standalone",
"binary_version": "4.4.2-2ubuntu0.1~esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "request-tracker4",
"purl": "pkg:deb/ubuntu/request-tracker4@4.4.2-2ubuntu0.1~esm1?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.4.1-5",
"4.4.2-1",
"4.4.2-2",
"4.4.2-2ubuntu0.1~esm1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ckeditor",
"binary_version": "4.12.1+dfsg-1ubuntu0.1+esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "ckeditor",
"purl": "pkg:deb/ubuntu/ckeditor@4.12.1+dfsg-1ubuntu0.1+esm2?arch=source\u0026distro=esm-apps/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.11.1+dfsg-1",
"4.12.1+dfsg-1",
"4.12.1+dfsg-1ubuntu0.1",
"4.12.1+dfsg-1ubuntu0.1+esm1",
"4.12.1+dfsg-1ubuntu0.1+esm2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ckeditor3",
"binary_version": "3.6.6.1+dfsg-4"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "ckeditor3",
"purl": "pkg:deb/ubuntu/ckeditor3@3.6.6.1+dfsg-4?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.6.6.1+dfsg-3",
"3.6.6.1+dfsg-4"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ldap-account-manager",
"binary_version": "6.7-1"
},
{
"binary_name": "ldap-account-manager-lamdaemon",
"binary_version": "6.7-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "ldap-account-manager",
"purl": "pkg:deb/ubuntu/ldap-account-manager@6.7-1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"6.7-1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "request-tracker4",
"binary_version": "4.4.3-2+deb10u3build0.20.04.1"
},
{
"binary_name": "rt4-apache2",
"binary_version": "4.4.3-2+deb10u3build0.20.04.1"
},
{
"binary_name": "rt4-clients",
"binary_version": "4.4.3-2+deb10u3build0.20.04.1"
},
{
"binary_name": "rt4-db-mysql",
"binary_version": "4.4.3-2+deb10u3build0.20.04.1"
},
{
"binary_name": "rt4-db-postgresql",
"binary_version": "4.4.3-2+deb10u3build0.20.04.1"
},
{
"binary_name": "rt4-db-sqlite",
"binary_version": "4.4.3-2+deb10u3build0.20.04.1"
},
{
"binary_name": "rt4-doc-html",
"binary_version": "4.4.3-2+deb10u3build0.20.04.1"
},
{
"binary_name": "rt4-fcgi",
"binary_version": "4.4.3-2+deb10u3build0.20.04.1"
},
{
"binary_name": "rt4-standalone",
"binary_version": "4.4.3-2+deb10u3build0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "request-tracker4",
"purl": "pkg:deb/ubuntu/request-tracker4@4.4.3-2+deb10u3build0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.4.3-2",
"4.4.3-2+deb10u3build0.20.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ckeditor3",
"binary_version": "3.6.6.1+dfsg-7"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "ckeditor3",
"purl": "pkg:deb/ubuntu/ckeditor3@3.6.6.1+dfsg-7?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.6.6.1+dfsg-7"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ldap-account-manager",
"binary_version": "7.7-1"
},
{
"binary_name": "ldap-account-manager-lamdaemon",
"binary_version": "7.7-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "ldap-account-manager",
"purl": "pkg:deb/ubuntu/ldap-account-manager@7.7-1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"7.5-1",
"7.7-1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "request-tracker4",
"binary_version": "4.4.4+dfsg-2ubuntu1.22.04.1"
},
{
"binary_name": "rt4-apache2",
"binary_version": "4.4.4+dfsg-2ubuntu1.22.04.1"
},
{
"binary_name": "rt4-clients",
"binary_version": "4.4.4+dfsg-2ubuntu1.22.04.1"
},
{
"binary_name": "rt4-db-mysql",
"binary_version": "4.4.4+dfsg-2ubuntu1.22.04.1"
},
{
"binary_name": "rt4-db-postgresql",
"binary_version": "4.4.4+dfsg-2ubuntu1.22.04.1"
},
{
"binary_name": "rt4-db-sqlite",
"binary_version": "4.4.4+dfsg-2ubuntu1.22.04.1"
},
{
"binary_name": "rt4-doc-html",
"binary_version": "4.4.4+dfsg-2ubuntu1.22.04.1"
},
{
"binary_name": "rt4-fcgi",
"binary_version": "4.4.4+dfsg-2ubuntu1.22.04.1"
},
{
"binary_name": "rt4-standalone",
"binary_version": "4.4.4+dfsg-2ubuntu1.22.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "request-tracker4",
"purl": "pkg:deb/ubuntu/request-tracker4@4.4.4+dfsg-2ubuntu1.22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.4.4+dfsg-2ubuntu1",
"4.4.4+dfsg-2ubuntu1.22.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ckeditor",
"binary_version": "4.16.2+dfsg-1ubuntu0.1~esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:22.04:LTS",
"name": "ckeditor",
"purl": "pkg:deb/ubuntu/ckeditor@4.16.2+dfsg-1ubuntu0.1~esm2?arch=source\u0026distro=esm-apps/jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.16.0+dfsg-2",
"4.16.2+dfsg-1",
"4.16.2+dfsg-1ubuntu0.1~esm1",
"4.16.2+dfsg-1ubuntu0.1~esm2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ckeditor3",
"binary_version": "3.6.6.1+dfsg-7"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "ckeditor3",
"purl": "pkg:deb/ubuntu/ckeditor3@3.6.6.1+dfsg-7?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.6.6.1+dfsg-7"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ldap-account-manager",
"binary_version": "8.5-1"
},
{
"binary_name": "ldap-account-manager-lamdaemon",
"binary_version": "8.5-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "ldap-account-manager",
"purl": "pkg:deb/ubuntu/ldap-account-manager@8.5-1?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"8.3-1",
"8.5-1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "request-tracker4",
"binary_version": "4.4.7+dfsg-1"
},
{
"binary_name": "rt4-apache2",
"binary_version": "4.4.7+dfsg-1"
},
{
"binary_name": "rt4-clients",
"binary_version": "4.4.7+dfsg-1"
},
{
"binary_name": "rt4-db-mysql",
"binary_version": "4.4.7+dfsg-1"
},
{
"binary_name": "rt4-db-postgresql",
"binary_version": "4.4.7+dfsg-1"
},
{
"binary_name": "rt4-db-sqlite",
"binary_version": "4.4.7+dfsg-1"
},
{
"binary_name": "rt4-doc-html",
"binary_version": "4.4.7+dfsg-1"
},
{
"binary_name": "rt4-fcgi",
"binary_version": "4.4.7+dfsg-1"
},
{
"binary_name": "rt4-standalone",
"binary_version": "4.4.7+dfsg-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "request-tracker4",
"purl": "pkg:deb/ubuntu/request-tracker4@4.4.7+dfsg-1?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.4.4+dfsg-2ubuntu1",
"4.4.4+dfsg-2ubuntu2",
"4.4.7+dfsg-1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ckeditor",
"binary_version": "4.22.1+dfsg1-2ubuntu0.24.04.1~esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:24.04:LTS",
"name": "ckeditor",
"purl": "pkg:deb/ubuntu/ckeditor@4.22.1+dfsg1-2ubuntu0.24.04.1~esm2?arch=source\u0026distro=esm-apps/noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.22.1+dfsg1-2",
"4.22.1+dfsg1-2ubuntu0.24.04.1~esm1",
"4.22.1+dfsg1-2ubuntu0.24.04.1~esm2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ckeditor",
"binary_version": "4.22.1+dfsg1-2ubuntu1.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "ckeditor",
"purl": "pkg:deb/ubuntu/ckeditor@4.22.1+dfsg1-2ubuntu1.1?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.22.1+dfsg1-2ubuntu1",
"4.22.1+dfsg1-2ubuntu1.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ldap-account-manager",
"binary_version": "9.0-1"
},
{
"binary_name": "ldap-account-manager-lamdaemon",
"binary_version": "9.0-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "ldap-account-manager",
"purl": "pkg:deb/ubuntu/ldap-account-manager@9.0-1?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"9.0-1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "request-tracker4",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-apache2",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-clients",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-db-mysql",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-db-postgresql",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-db-sqlite",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-doc-html",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-fcgi",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-standalone",
"binary_version": "4.4.7+dfsg-4syncable1"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "request-tracker4",
"purl": "pkg:deb/ubuntu/request-tracker4@4.4.7+dfsg-4syncable1?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.4.7+dfsg-4syncable1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ldap-account-manager",
"binary_version": "9.0-1build1"
},
{
"binary_name": "ldap-account-manager-lamdaemon",
"binary_version": "9.0-1build1"
}
]
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "ldap-account-manager",
"purl": "pkg:deb/ubuntu/ldap-account-manager@9.0-1build1?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"9.0-1",
"9.0-1build1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "request-tracker4",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-apache2",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-clients",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-db-mysql",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-db-postgresql",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-db-sqlite",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-doc-html",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-fcgi",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-standalone",
"binary_version": "4.4.7+dfsg-4syncable1"
}
]
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "request-tracker4",
"purl": "pkg:deb/ubuntu/request-tracker4@4.4.7+dfsg-4syncable1?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.4.7+dfsg-4syncable1"
]
}
],
"aliases": [],
"details": "CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in the core HTML parsing module in versions of CKEditor4 prior to 4.24.0-lts. It may affect all editor instances that enabled full-page editing mode or enabled CDATA elements in Advanced Content Filtering configuration (defaults to `script` and `style` elements). The vulnerability allows attackers to inject malformed HTML content bypassing Advanced Content Filtering mechanism, which could result in executing JavaScript code. An attacker could abuse faulty CDATA content detection and use it to prepare an intentional attack on the editor. A fix is available in version 4.24.0-lts.",
"id": "UBUNTU-CVE-2024-24815",
"modified": "2026-05-20T15:07:37Z",
"published": "2024-02-07T16:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-24815"
},
{
"type": "REPORT",
"url": "https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-fq6h-4g8v-qqvm"
},
{
"type": "REPORT",
"url": "https://github.com/ckeditor/ckeditor4/commit/889315aa89de1d08f320990367ef4559551fdf9f"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24815"
}
],
"related": [],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2024-24815"
]
}
ubuntu-cve-2024-24816
Vulnerability from osv_ubuntu
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability vulnerability has been discovered in versions prior to 4.24.0-lts in samples that use the preview feature. All integrators that use these samples in the production code can be affected. The vulnerability allows an attacker to execute JavaScript code by abusing the misconfigured preview feature. It affects all users using the CKEditor 4 at version < 4.24.0-lts with affected samples used in a production environment. A fix is available in version 4.24.0-lts.
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ckeditor",
"binary_version": "4.5.7+dfsg-2ubuntu0.16.04.1~esm3"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "ckeditor",
"purl": "pkg:deb/ubuntu/ckeditor@4.5.7+dfsg-2ubuntu0.16.04.1~esm3?arch=source\u0026distro=esm-apps/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.4.4+dfsg1-3",
"4.5.6+dfsg-1",
"4.5.7+dfsg-1",
"4.5.7+dfsg-2",
"4.5.7+dfsg-2ubuntu0.16.04.1~esm1",
"4.5.7+dfsg-2ubuntu0.16.04.1~esm2",
"4.5.7+dfsg-2ubuntu0.16.04.1~esm3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ldap-account-manager",
"binary_version": "5.2-1ubuntu1"
},
{
"binary_name": "ldap-account-manager-lamdaemon",
"binary_version": "5.2-1ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "ldap-account-manager",
"purl": "pkg:deb/ubuntu/ldap-account-manager@5.2-1ubuntu1?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.9-1",
"5.1-1",
"5.2-1",
"5.2-1ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "request-tracker4",
"binary_version": "4.2.12-5"
},
{
"binary_name": "rt4-apache2",
"binary_version": "4.2.12-5"
},
{
"binary_name": "rt4-clients",
"binary_version": "4.2.12-5"
},
{
"binary_name": "rt4-db-mysql",
"binary_version": "4.2.12-5"
},
{
"binary_name": "rt4-db-postgresql",
"binary_version": "4.2.12-5"
},
{
"binary_name": "rt4-db-sqlite",
"binary_version": "4.2.12-5"
},
{
"binary_name": "rt4-doc-html",
"binary_version": "4.2.12-5"
},
{
"binary_name": "rt4-fcgi",
"binary_version": "4.2.12-5"
},
{
"binary_name": "rt4-standalone",
"binary_version": "4.2.12-5"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "request-tracker4",
"purl": "pkg:deb/ubuntu/request-tracker4@4.2.12-5?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.2.11-2",
"4.2.12-3",
"4.2.12-4",
"4.2.12-5"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ckeditor",
"binary_version": "4.5.7+dfsg-2ubuntu0.18.04.1+esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "ckeditor",
"purl": "pkg:deb/ubuntu/ckeditor@4.5.7+dfsg-2ubuntu0.18.04.1+esm2?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.5.7+dfsg-2",
"4.5.7+dfsg-2ubuntu0.18.04.1",
"4.5.7+dfsg-2ubuntu0.18.04.1+esm1",
"4.5.7+dfsg-2ubuntu0.18.04.1+esm2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ckeditor3",
"binary_version": "3.6.6.1+dfsg-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "ckeditor3",
"purl": "pkg:deb/ubuntu/ckeditor3@3.6.6.1+dfsg-1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.6.6.1+dfsg-1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ldap-account-manager",
"binary_version": "6.2-1"
},
{
"binary_name": "ldap-account-manager-lamdaemon",
"binary_version": "6.2-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "ldap-account-manager",
"purl": "pkg:deb/ubuntu/ldap-account-manager@6.2-1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"5.7-1",
"6.1-1",
"6.2-1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "request-tracker4",
"binary_version": "4.4.2-2ubuntu0.1~esm1"
},
{
"binary_name": "rt4-apache2",
"binary_version": "4.4.2-2ubuntu0.1~esm1"
},
{
"binary_name": "rt4-clients",
"binary_version": "4.4.2-2ubuntu0.1~esm1"
},
{
"binary_name": "rt4-db-mysql",
"binary_version": "4.4.2-2ubuntu0.1~esm1"
},
{
"binary_name": "rt4-db-postgresql",
"binary_version": "4.4.2-2ubuntu0.1~esm1"
},
{
"binary_name": "rt4-db-sqlite",
"binary_version": "4.4.2-2ubuntu0.1~esm1"
},
{
"binary_name": "rt4-doc-html",
"binary_version": "4.4.2-2ubuntu0.1~esm1"
},
{
"binary_name": "rt4-fcgi",
"binary_version": "4.4.2-2ubuntu0.1~esm1"
},
{
"binary_name": "rt4-standalone",
"binary_version": "4.4.2-2ubuntu0.1~esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "request-tracker4",
"purl": "pkg:deb/ubuntu/request-tracker4@4.4.2-2ubuntu0.1~esm1?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.4.1-5",
"4.4.2-1",
"4.4.2-2",
"4.4.2-2ubuntu0.1~esm1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ckeditor",
"binary_version": "4.12.1+dfsg-1ubuntu0.1+esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "ckeditor",
"purl": "pkg:deb/ubuntu/ckeditor@4.12.1+dfsg-1ubuntu0.1+esm2?arch=source\u0026distro=esm-apps/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.11.1+dfsg-1",
"4.12.1+dfsg-1",
"4.12.1+dfsg-1ubuntu0.1",
"4.12.1+dfsg-1ubuntu0.1+esm1",
"4.12.1+dfsg-1ubuntu0.1+esm2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ckeditor3",
"binary_version": "3.6.6.1+dfsg-4"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "ckeditor3",
"purl": "pkg:deb/ubuntu/ckeditor3@3.6.6.1+dfsg-4?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.6.6.1+dfsg-3",
"3.6.6.1+dfsg-4"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ldap-account-manager",
"binary_version": "6.7-1"
},
{
"binary_name": "ldap-account-manager-lamdaemon",
"binary_version": "6.7-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "ldap-account-manager",
"purl": "pkg:deb/ubuntu/ldap-account-manager@6.7-1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"6.7-1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "request-tracker4",
"binary_version": "4.4.3-2+deb10u3build0.20.04.1"
},
{
"binary_name": "rt4-apache2",
"binary_version": "4.4.3-2+deb10u3build0.20.04.1"
},
{
"binary_name": "rt4-clients",
"binary_version": "4.4.3-2+deb10u3build0.20.04.1"
},
{
"binary_name": "rt4-db-mysql",
"binary_version": "4.4.3-2+deb10u3build0.20.04.1"
},
{
"binary_name": "rt4-db-postgresql",
"binary_version": "4.4.3-2+deb10u3build0.20.04.1"
},
{
"binary_name": "rt4-db-sqlite",
"binary_version": "4.4.3-2+deb10u3build0.20.04.1"
},
{
"binary_name": "rt4-doc-html",
"binary_version": "4.4.3-2+deb10u3build0.20.04.1"
},
{
"binary_name": "rt4-fcgi",
"binary_version": "4.4.3-2+deb10u3build0.20.04.1"
},
{
"binary_name": "rt4-standalone",
"binary_version": "4.4.3-2+deb10u3build0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "request-tracker4",
"purl": "pkg:deb/ubuntu/request-tracker4@4.4.3-2+deb10u3build0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.4.3-2",
"4.4.3-2+deb10u3build0.20.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ckeditor3",
"binary_version": "3.6.6.1+dfsg-7"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "ckeditor3",
"purl": "pkg:deb/ubuntu/ckeditor3@3.6.6.1+dfsg-7?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.6.6.1+dfsg-7"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ldap-account-manager",
"binary_version": "7.7-1"
},
{
"binary_name": "ldap-account-manager-lamdaemon",
"binary_version": "7.7-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "ldap-account-manager",
"purl": "pkg:deb/ubuntu/ldap-account-manager@7.7-1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"7.5-1",
"7.7-1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "request-tracker4",
"binary_version": "4.4.4+dfsg-2ubuntu1.22.04.1"
},
{
"binary_name": "rt4-apache2",
"binary_version": "4.4.4+dfsg-2ubuntu1.22.04.1"
},
{
"binary_name": "rt4-clients",
"binary_version": "4.4.4+dfsg-2ubuntu1.22.04.1"
},
{
"binary_name": "rt4-db-mysql",
"binary_version": "4.4.4+dfsg-2ubuntu1.22.04.1"
},
{
"binary_name": "rt4-db-postgresql",
"binary_version": "4.4.4+dfsg-2ubuntu1.22.04.1"
},
{
"binary_name": "rt4-db-sqlite",
"binary_version": "4.4.4+dfsg-2ubuntu1.22.04.1"
},
{
"binary_name": "rt4-doc-html",
"binary_version": "4.4.4+dfsg-2ubuntu1.22.04.1"
},
{
"binary_name": "rt4-fcgi",
"binary_version": "4.4.4+dfsg-2ubuntu1.22.04.1"
},
{
"binary_name": "rt4-standalone",
"binary_version": "4.4.4+dfsg-2ubuntu1.22.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "request-tracker4",
"purl": "pkg:deb/ubuntu/request-tracker4@4.4.4+dfsg-2ubuntu1.22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.4.4+dfsg-2ubuntu1",
"4.4.4+dfsg-2ubuntu1.22.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ckeditor",
"binary_version": "4.16.2+dfsg-1ubuntu0.1~esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:22.04:LTS",
"name": "ckeditor",
"purl": "pkg:deb/ubuntu/ckeditor@4.16.2+dfsg-1ubuntu0.1~esm2?arch=source\u0026distro=esm-apps/jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.16.0+dfsg-2",
"4.16.2+dfsg-1",
"4.16.2+dfsg-1ubuntu0.1~esm1",
"4.16.2+dfsg-1ubuntu0.1~esm2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ckeditor3",
"binary_version": "3.6.6.1+dfsg-7"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "ckeditor3",
"purl": "pkg:deb/ubuntu/ckeditor3@3.6.6.1+dfsg-7?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.6.6.1+dfsg-7"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ldap-account-manager",
"binary_version": "8.5-1"
},
{
"binary_name": "ldap-account-manager-lamdaemon",
"binary_version": "8.5-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "ldap-account-manager",
"purl": "pkg:deb/ubuntu/ldap-account-manager@8.5-1?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"8.3-1",
"8.5-1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "request-tracker4",
"binary_version": "4.4.7+dfsg-1"
},
{
"binary_name": "rt4-apache2",
"binary_version": "4.4.7+dfsg-1"
},
{
"binary_name": "rt4-clients",
"binary_version": "4.4.7+dfsg-1"
},
{
"binary_name": "rt4-db-mysql",
"binary_version": "4.4.7+dfsg-1"
},
{
"binary_name": "rt4-db-postgresql",
"binary_version": "4.4.7+dfsg-1"
},
{
"binary_name": "rt4-db-sqlite",
"binary_version": "4.4.7+dfsg-1"
},
{
"binary_name": "rt4-doc-html",
"binary_version": "4.4.7+dfsg-1"
},
{
"binary_name": "rt4-fcgi",
"binary_version": "4.4.7+dfsg-1"
},
{
"binary_name": "rt4-standalone",
"binary_version": "4.4.7+dfsg-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "request-tracker4",
"purl": "pkg:deb/ubuntu/request-tracker4@4.4.7+dfsg-1?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.4.4+dfsg-2ubuntu1",
"4.4.4+dfsg-2ubuntu2",
"4.4.7+dfsg-1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ckeditor",
"binary_version": "4.22.1+dfsg1-2ubuntu0.24.04.1~esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:24.04:LTS",
"name": "ckeditor",
"purl": "pkg:deb/ubuntu/ckeditor@4.22.1+dfsg1-2ubuntu0.24.04.1~esm2?arch=source\u0026distro=esm-apps/noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.22.1+dfsg1-2",
"4.22.1+dfsg1-2ubuntu0.24.04.1~esm1",
"4.22.1+dfsg1-2ubuntu0.24.04.1~esm2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ckeditor",
"binary_version": "4.22.1+dfsg1-2ubuntu1.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "ckeditor",
"purl": "pkg:deb/ubuntu/ckeditor@4.22.1+dfsg1-2ubuntu1.1?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.22.1+dfsg1-2ubuntu1",
"4.22.1+dfsg1-2ubuntu1.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ldap-account-manager",
"binary_version": "9.0-1"
},
{
"binary_name": "ldap-account-manager-lamdaemon",
"binary_version": "9.0-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "ldap-account-manager",
"purl": "pkg:deb/ubuntu/ldap-account-manager@9.0-1?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"9.0-1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "request-tracker4",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-apache2",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-clients",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-db-mysql",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-db-postgresql",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-db-sqlite",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-doc-html",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-fcgi",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-standalone",
"binary_version": "4.4.7+dfsg-4syncable1"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "request-tracker4",
"purl": "pkg:deb/ubuntu/request-tracker4@4.4.7+dfsg-4syncable1?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.4.7+dfsg-4syncable1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ldap-account-manager",
"binary_version": "9.0-1build1"
},
{
"binary_name": "ldap-account-manager-lamdaemon",
"binary_version": "9.0-1build1"
}
]
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "ldap-account-manager",
"purl": "pkg:deb/ubuntu/ldap-account-manager@9.0-1build1?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"9.0-1",
"9.0-1build1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "request-tracker4",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-apache2",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-clients",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-db-mysql",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-db-postgresql",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-db-sqlite",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-doc-html",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-fcgi",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-standalone",
"binary_version": "4.4.7+dfsg-4syncable1"
}
]
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "request-tracker4",
"purl": "pkg:deb/ubuntu/request-tracker4@4.4.7+dfsg-4syncable1?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.4.7+dfsg-4syncable1"
]
}
],
"aliases": [],
"details": "CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability vulnerability has been discovered in versions prior to 4.24.0-lts in samples that use the `preview` feature. All integrators that use these samples in the production code can be affected. The vulnerability allows an attacker to execute JavaScript code by abusing the misconfigured preview feature. It affects all users using the CKEditor 4 at version \u003c 4.24.0-lts with affected samples used in a production environment. A fix is available in version 4.24.0-lts.",
"id": "UBUNTU-CVE-2024-24816",
"modified": "2026-05-20T15:07:37Z",
"published": "2024-02-07T17:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-24816"
},
{
"type": "REPORT",
"url": "https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-mw2c-vx6j-mg76"
},
{
"type": "REPORT",
"url": "https://github.com/ckeditor/ckeditor4/commit/7518202f0f228ee5549a36ecb7cb880b06ea5add"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24816"
}
],
"related": [],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2024-24816"
]
}
ubuntu-cve-2024-43411
Vulnerability from osv_ubuntu
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A theoretical vulnerability has been identified in CKEditor 4.22 (and above). In a highly unlikely scenario where an attacker gains control over the https://cke4.ckeditor.com domain, they could potentially execute an attack on CKEditor 4 instances. The issue impacts only editor instances with enabled version notifications. Please note that this feature is disabled by default in all CKEditor 4 LTS versions. Therefore, if you use CKEditor 4 LTS, it is highly unlikely that you are affected by this vulnerability. If you are unsure, please contact us. The fix is available in version 4.25.0-lts.
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ldap-account-manager",
"binary_version": "5.2-1ubuntu1"
},
{
"binary_name": "ldap-account-manager-lamdaemon",
"binary_version": "5.2-1ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "ldap-account-manager",
"purl": "pkg:deb/ubuntu/ldap-account-manager@5.2-1ubuntu1?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.9-1",
"5.1-1",
"5.2-1",
"5.2-1ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "request-tracker4",
"binary_version": "4.2.12-5"
},
{
"binary_name": "rt4-apache2",
"binary_version": "4.2.12-5"
},
{
"binary_name": "rt4-clients",
"binary_version": "4.2.12-5"
},
{
"binary_name": "rt4-db-mysql",
"binary_version": "4.2.12-5"
},
{
"binary_name": "rt4-db-postgresql",
"binary_version": "4.2.12-5"
},
{
"binary_name": "rt4-db-sqlite",
"binary_version": "4.2.12-5"
},
{
"binary_name": "rt4-doc-html",
"binary_version": "4.2.12-5"
},
{
"binary_name": "rt4-fcgi",
"binary_version": "4.2.12-5"
},
{
"binary_name": "rt4-standalone",
"binary_version": "4.2.12-5"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "request-tracker4",
"purl": "pkg:deb/ubuntu/request-tracker4@4.2.12-5?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.2.11-2",
"4.2.12-3",
"4.2.12-4",
"4.2.12-5"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ckeditor3",
"binary_version": "3.6.6.1+dfsg-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "ckeditor3",
"purl": "pkg:deb/ubuntu/ckeditor3@3.6.6.1+dfsg-1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.6.6.1+dfsg-1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ldap-account-manager",
"binary_version": "6.2-1"
},
{
"binary_name": "ldap-account-manager-lamdaemon",
"binary_version": "6.2-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "ldap-account-manager",
"purl": "pkg:deb/ubuntu/ldap-account-manager@6.2-1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"5.7-1",
"6.1-1",
"6.2-1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "request-tracker4",
"binary_version": "4.4.2-2ubuntu0.1~esm1"
},
{
"binary_name": "rt4-apache2",
"binary_version": "4.4.2-2ubuntu0.1~esm1"
},
{
"binary_name": "rt4-clients",
"binary_version": "4.4.2-2ubuntu0.1~esm1"
},
{
"binary_name": "rt4-db-mysql",
"binary_version": "4.4.2-2ubuntu0.1~esm1"
},
{
"binary_name": "rt4-db-postgresql",
"binary_version": "4.4.2-2ubuntu0.1~esm1"
},
{
"binary_name": "rt4-db-sqlite",
"binary_version": "4.4.2-2ubuntu0.1~esm1"
},
{
"binary_name": "rt4-doc-html",
"binary_version": "4.4.2-2ubuntu0.1~esm1"
},
{
"binary_name": "rt4-fcgi",
"binary_version": "4.4.2-2ubuntu0.1~esm1"
},
{
"binary_name": "rt4-standalone",
"binary_version": "4.4.2-2ubuntu0.1~esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "request-tracker4",
"purl": "pkg:deb/ubuntu/request-tracker4@4.4.2-2ubuntu0.1~esm1?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.4.1-5",
"4.4.2-1",
"4.4.2-2",
"4.4.2-2ubuntu0.1~esm1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ckeditor3",
"binary_version": "3.6.6.1+dfsg-4"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "ckeditor3",
"purl": "pkg:deb/ubuntu/ckeditor3@3.6.6.1+dfsg-4?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.6.6.1+dfsg-3",
"3.6.6.1+dfsg-4"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ldap-account-manager",
"binary_version": "6.7-1"
},
{
"binary_name": "ldap-account-manager-lamdaemon",
"binary_version": "6.7-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "ldap-account-manager",
"purl": "pkg:deb/ubuntu/ldap-account-manager@6.7-1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"6.7-1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "request-tracker4",
"binary_version": "4.4.3-2+deb10u3build0.20.04.1"
},
{
"binary_name": "rt4-apache2",
"binary_version": "4.4.3-2+deb10u3build0.20.04.1"
},
{
"binary_name": "rt4-clients",
"binary_version": "4.4.3-2+deb10u3build0.20.04.1"
},
{
"binary_name": "rt4-db-mysql",
"binary_version": "4.4.3-2+deb10u3build0.20.04.1"
},
{
"binary_name": "rt4-db-postgresql",
"binary_version": "4.4.3-2+deb10u3build0.20.04.1"
},
{
"binary_name": "rt4-db-sqlite",
"binary_version": "4.4.3-2+deb10u3build0.20.04.1"
},
{
"binary_name": "rt4-doc-html",
"binary_version": "4.4.3-2+deb10u3build0.20.04.1"
},
{
"binary_name": "rt4-fcgi",
"binary_version": "4.4.3-2+deb10u3build0.20.04.1"
},
{
"binary_name": "rt4-standalone",
"binary_version": "4.4.3-2+deb10u3build0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "request-tracker4",
"purl": "pkg:deb/ubuntu/request-tracker4@4.4.3-2+deb10u3build0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.4.3-2",
"4.4.3-2+deb10u3build0.20.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ckeditor3",
"binary_version": "3.6.6.1+dfsg-7"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "ckeditor3",
"purl": "pkg:deb/ubuntu/ckeditor3@3.6.6.1+dfsg-7?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.6.6.1+dfsg-7"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ldap-account-manager",
"binary_version": "7.7-1"
},
{
"binary_name": "ldap-account-manager-lamdaemon",
"binary_version": "7.7-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "ldap-account-manager",
"purl": "pkg:deb/ubuntu/ldap-account-manager@7.7-1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"7.5-1",
"7.7-1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "request-tracker4",
"binary_version": "4.4.4+dfsg-2ubuntu1.22.04.1"
},
{
"binary_name": "rt4-apache2",
"binary_version": "4.4.4+dfsg-2ubuntu1.22.04.1"
},
{
"binary_name": "rt4-clients",
"binary_version": "4.4.4+dfsg-2ubuntu1.22.04.1"
},
{
"binary_name": "rt4-db-mysql",
"binary_version": "4.4.4+dfsg-2ubuntu1.22.04.1"
},
{
"binary_name": "rt4-db-postgresql",
"binary_version": "4.4.4+dfsg-2ubuntu1.22.04.1"
},
{
"binary_name": "rt4-db-sqlite",
"binary_version": "4.4.4+dfsg-2ubuntu1.22.04.1"
},
{
"binary_name": "rt4-doc-html",
"binary_version": "4.4.4+dfsg-2ubuntu1.22.04.1"
},
{
"binary_name": "rt4-fcgi",
"binary_version": "4.4.4+dfsg-2ubuntu1.22.04.1"
},
{
"binary_name": "rt4-standalone",
"binary_version": "4.4.4+dfsg-2ubuntu1.22.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "request-tracker4",
"purl": "pkg:deb/ubuntu/request-tracker4@4.4.4+dfsg-2ubuntu1.22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.4.4+dfsg-2ubuntu1",
"4.4.4+dfsg-2ubuntu1.22.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ckeditor3",
"binary_version": "3.6.6.1+dfsg-7"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "ckeditor3",
"purl": "pkg:deb/ubuntu/ckeditor3@3.6.6.1+dfsg-7?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.6.6.1+dfsg-7"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ldap-account-manager",
"binary_version": "8.5-1"
},
{
"binary_name": "ldap-account-manager-lamdaemon",
"binary_version": "8.5-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "ldap-account-manager",
"purl": "pkg:deb/ubuntu/ldap-account-manager@8.5-1?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"8.3-1",
"8.5-1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "request-tracker4",
"binary_version": "4.4.7+dfsg-1"
},
{
"binary_name": "rt4-apache2",
"binary_version": "4.4.7+dfsg-1"
},
{
"binary_name": "rt4-clients",
"binary_version": "4.4.7+dfsg-1"
},
{
"binary_name": "rt4-db-mysql",
"binary_version": "4.4.7+dfsg-1"
},
{
"binary_name": "rt4-db-postgresql",
"binary_version": "4.4.7+dfsg-1"
},
{
"binary_name": "rt4-db-sqlite",
"binary_version": "4.4.7+dfsg-1"
},
{
"binary_name": "rt4-doc-html",
"binary_version": "4.4.7+dfsg-1"
},
{
"binary_name": "rt4-fcgi",
"binary_version": "4.4.7+dfsg-1"
},
{
"binary_name": "rt4-standalone",
"binary_version": "4.4.7+dfsg-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "request-tracker4",
"purl": "pkg:deb/ubuntu/request-tracker4@4.4.7+dfsg-1?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.4.4+dfsg-2ubuntu1",
"4.4.4+dfsg-2ubuntu2",
"4.4.7+dfsg-1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ckeditor",
"binary_version": "4.22.1+dfsg1-2ubuntu0.24.04.1~esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:24.04:LTS",
"name": "ckeditor",
"purl": "pkg:deb/ubuntu/ckeditor@4.22.1+dfsg1-2ubuntu0.24.04.1~esm2?arch=source\u0026distro=esm-apps/noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.22.1+dfsg1-2",
"4.22.1+dfsg1-2ubuntu0.24.04.1~esm1",
"4.22.1+dfsg1-2ubuntu0.24.04.1~esm2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ckeditor",
"binary_version": "4.22.1+dfsg1-2ubuntu1.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "ckeditor",
"purl": "pkg:deb/ubuntu/ckeditor@4.22.1+dfsg1-2ubuntu1.1?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.22.1+dfsg1-2ubuntu1",
"4.22.1+dfsg1-2ubuntu1.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ldap-account-manager",
"binary_version": "9.0-1"
},
{
"binary_name": "ldap-account-manager-lamdaemon",
"binary_version": "9.0-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "ldap-account-manager",
"purl": "pkg:deb/ubuntu/ldap-account-manager@9.0-1?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"9.0-1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "request-tracker4",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-apache2",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-clients",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-db-mysql",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-db-postgresql",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-db-sqlite",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-doc-html",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-fcgi",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-standalone",
"binary_version": "4.4.7+dfsg-4syncable1"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "request-tracker4",
"purl": "pkg:deb/ubuntu/request-tracker4@4.4.7+dfsg-4syncable1?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.4.7+dfsg-4syncable1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ldap-account-manager",
"binary_version": "9.0-1build1"
},
{
"binary_name": "ldap-account-manager-lamdaemon",
"binary_version": "9.0-1build1"
}
]
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "ldap-account-manager",
"purl": "pkg:deb/ubuntu/ldap-account-manager@9.0-1build1?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"9.0-1",
"9.0-1build1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "request-tracker4",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-apache2",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-clients",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-db-mysql",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-db-postgresql",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-db-sqlite",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-doc-html",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-fcgi",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-standalone",
"binary_version": "4.4.7+dfsg-4syncable1"
}
]
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "request-tracker4",
"purl": "pkg:deb/ubuntu/request-tracker4@4.4.7+dfsg-4syncable1?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.4.7+dfsg-4syncable1"
]
}
],
"aliases": [],
"details": "CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A theoretical vulnerability has been identified in CKEditor 4.22 (and above). In a highly unlikely scenario where an attacker gains control over the https://cke4.ckeditor.com domain, they could potentially execute an attack on CKEditor 4 instances. The issue impacts only editor instances with enabled version notifications. Please note that this feature is disabled by default in all CKEditor 4 LTS versions. Therefore, if you use CKEditor 4 LTS, it is highly unlikely that you are affected by this vulnerability. If you are unsure, please contact us. The fix is available in version 4.25.0-lts.",
"id": "UBUNTU-CVE-2024-43411",
"modified": "2026-05-20T15:11:32Z",
"published": "2024-08-21T16:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-43411"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43411"
},
{
"type": "REPORT",
"url": "https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-6v96-m24v-f58j"
},
{
"type": "REPORT",
"url": "https://github.com/ckeditor/ckeditor4/commit/b5069c9cb769ea22eae1cbd7200f22b1cf2e3a7f"
}
],
"related": [],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "negligible",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2024-43411"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.