USN-4609-1: GOsa vulnerabilities

USN-4609-1: GOsa vulnerabilities

Fabian Henneke discovered that GOsa incorrectly handled client cookies. An
authenticated user could exploit this with a crafted cookie to perform
file deletions in the context of the user account that runs the web
server. (CVE-2019-14466)

It was discovered that GOsa incorrectly handled user access control. A
remote attacker could use this issue to log into any account with a
username containing the word “success”. (CVE-2019-11187)

Fabian Henneke discovered that GOsa was vulnerable to cross-site scripting
attacks via the change password form. A remote attacker could use this
flaw to run arbitrary web scripts. (CVE-2018-1000528)
Source: USN-4609-1: GOsa vulnerabilities

About KENNETH 14216 Articles
지락문화예술공작단

Be the first to comment

Leave a Reply

Your email address will not be published.


*


이 사이트는 스팸을 줄이는 아키스밋을 사용합니다. 댓글이 어떻게 처리되는지 알아보십시오.