UBUNTU-CVE-2020-25715

Source
https://ubuntu.com/security/CVE-2020-25715
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-25715.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2020-25715
Related
Published
2021-05-28T11:15:00Z
Modified
2024-10-15T14:07:39Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

A flaw was found in pki-core 10.9.0. A specially crafted POST request can be used to reflect a DOM-based cross-site scripting (XSS) attack to inject code into the search query form which can get automatically executed. The highest threat from this vulnerability is to data integrity.

References

Affected packages

Ubuntu:Pro:16.04:LTS / dogtag-pki

Package

Name
dogtag-pki
Purl
pkg:deb/ubuntu/dogtag-pki?arch=src?distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

10.*

10.2.6-1
10.2.6-2
10.2.6-3
10.2.6+git20160317-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / dogtag-pki

Package

Name
dogtag-pki
Purl
pkg:deb/ubuntu/dogtag-pki?arch=src?distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

10.*

10.3.5+12-4ubuntu1
10.3.5+12-5
10.5.3-3
10.5.3-4
10.5.5-1
10.6.0~beta2-3
10.6.0-1ubuntu1
10.6.0-1ubuntu2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / dogtag-pki

Package

Name
dogtag-pki
Purl
pkg:deb/ubuntu/dogtag-pki?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

10.*

10.7.3-4
10.8.3-1ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}