{"id":"USN-4609-1","summary":"gosa vulnerabilities","details":"Fabian Henneke discovered that GOsa incorrectly handled client cookies. An\nauthenticated user could exploit this with a crafted cookie to perform\nfile deletions in the context of the user account that runs the web\nserver. (CVE-2019-14466)\n\nIt was discovered that GOsa incorrectly handled user access control. A\nremote attacker could use this issue to log into any account with a\nusername containing the word \"success\". (CVE-2019-11187)\n\nFabian Henneke discovered that GOsa was vulnerable to cross-site scripting\nattacks via the change password form. A remote attacker could use this\nflaw to run arbitrary web scripts. (CVE-2018-1000528)\n","modified":"2026-04-27T15:46:23.451493Z","published":"2020-10-28T19:46:46Z","related":["UBUNTU-CVE-2018-1000528","UBUNTU-CVE-2019-11187","UBUNTU-CVE-2019-14466"],"upstream":["CVE-2018-1000528","CVE-2019-11187","CVE-2019-14466","UBUNTU-CVE-2018-1000528","UBUNTU-CVE-2019-11187","UBUNTU-CVE-2019-14466"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-4609-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-1000528"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-11187"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-14466"}],"affected":[{"package":{"name":"gosa","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/gosa@2.7.4+reloaded2-9ubuntu1.1?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.7.4+reloaded2-9ubuntu1.1"}]}],"versions":["2.7.4+reloaded2-2","2.7.4+reloaded2-5","2.7.4+reloaded2-6","2.7.4+reloaded2-7","2.7.4+reloaded2-8","2.7.4+reloaded2-9","2.7.4+reloaded2-9ubuntu1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"2.7.4+reloaded2-9ubuntu1.1","binary_name":"gosa"},{"binary_version":"2.7.4+reloaded2-9ubuntu1.1","binary_name":"gosa-desktop"},{"binary_version":"2.7.4+reloaded2-9ubuntu1.1","binary_name":"gosa-help-de"},{"binary_version":"2.7.4+reloaded2-9ubuntu1.1","binary_name":"gosa-help-en"},{"binary_version":"2.7.4+reloaded2-9ubuntu1.1","binary_name":"gosa-help-fr"},{"binary_version":"2.7.4+reloaded2-9ubuntu1.1","binary_name":"gosa-help-nl"},{"binary_version":"2.7.4+reloaded2-9ubuntu1.1","binary_name":"gosa-plugin-connectivity"},{"binary_version":"2.7.4+reloaded2-9ubuntu1.1","binary_name":"gosa-plugin-dhcp"},{"binary_version":"2.7.4+reloaded2-9ubuntu1.1","binary_name":"gosa-plugin-dhcp-schema"},{"binary_version":"2.7.4+reloaded2-9ubuntu1.1","binary_name":"gosa-plugin-dns"},{"binary_version":"2.7.4+reloaded2-9ubuntu1.1","binary_name":"gosa-plugin-dns-schema"},{"binary_version":"2.7.4+reloaded2-9ubuntu1.1","binary_name":"gosa-plugin-fai"},{"binary_version":"2.7.4+reloaded2-9ubuntu1.1","binary_name":"gosa-plugin-fai-schema"},{"binary_version":"2.7.4+reloaded2-9ubuntu1.1","binary_name":"gosa-plugin-gofax"},{"binary_version":"2.7.4+reloaded2-9ubuntu1.1","binary_name":"gosa-plugin-gofon"},{"binary_version":"2.7.4+reloaded2-9ubuntu1.1","binary_name":"gosa-plugin-goto"},{"binary_version":"2.7.4+reloaded2-9ubuntu1.1","binary_name":"gosa-plugin-kolab"},{"binary_version":"2.7.4+reloaded2-9ubuntu1.1","binary_name":"gosa-plugin-kolab-schema"},{"binary_version":"2.7.4+reloaded2-9ubuntu1.1","binary_name":"gosa-plugin-ldapmanager"},{"binary_version":"2.7.4+reloaded2-9ubuntu1.1","binary_name":"gosa-plugin-mail"},{"binary_version":"2.7.4+reloaded2-9ubuntu1.1","binary_name":"gosa-plugin-mit-krb5"},{"binary_version":"2.7.4+reloaded2-9ubuntu1.1","binary_name":"gosa-plugin-mit-krb5-schema"},{"binary_version":"2.7.4+reloaded2-9ubuntu1.1","binary_name":"gosa-plugin-nagios"},{"binary_version":"2.7.4+reloaded2-9ubuntu1.1","binary_name":"gosa-plugin-nagios-schema"},{"binary_version":"2.7.4+reloaded2-9ubuntu1.1","binary_name":"gosa-plugin-netatalk"},{"binary_version":"2.7.4+reloaded2-9ubuntu1.1","binary_name":"gosa-plugin-opengroupware"},{"binary_version":"2.7.4+reloaded2-9ubuntu1.1","binary_name":"gosa-plugin-openxchange"},{"binary_version":"2.7.4+reloaded2-9ubuntu1.1","binary_name":"gosa-plugin-openxchange-schema"},{"binary_version":"2.7.4+reloaded2-9ubuntu1.1","binary_name":"gosa-plugin-opsi"},{"binary_version":"2.7.4+reloaded2-9ubuntu1.1","binary_name":"gosa-plugin-phpgw"},{"binary_version":"2.7.4+reloaded2-9ubuntu1.1","binary_name":"gosa-plugin-phpgw-schema"},{"binary_version":"2.7.4+reloaded2-9ubuntu1.1","binary_name":"gosa-plugin-phpscheduleit"},{"binary_version":"2.7.4+reloaded2-9ubuntu1.1","binary_name":"gosa-plugin-phpscheduleit-schema"},{"binary_version":"2.7.4+reloaded2-9ubuntu1.1","binary_name":"gosa-plugin-pptp"},{"binary_version":"2.7.4+reloaded2-9ubuntu1.1","binary_name":"gosa-plugin-pptp-schema"},{"binary_version":"2.7.4+reloaded2-9ubuntu1.1","binary_name":"gosa-plugin-pureftpd"},{"binary_version":"2.7.4+reloaded2-9ubuntu1.1","binary_name":"gosa-plugin-pureftpd-schema"},{"binary_version":"2.7.4+reloaded2-9ubuntu1.1","binary_name":"gosa-plugin-rolemanagement"},{"binary_version":"2.7.4+reloaded2-9ubuntu1.1","binary_name":"gosa-plugin-rsyslog"},{"binary_version":"2.7.4+reloaded2-9ubuntu1.1","binary_name":"gosa-plugin-samba"},{"binary_version":"2.7.4+reloaded2-9ubuntu1.1","binary_name":"gosa-plugin-scalix"},{"binary_version":"2.7.4+reloaded2-9ubuntu1.1","binary_name":"gosa-plugin-squid"},{"binary_version":"2.7.4+reloaded2-9ubuntu1.1","binary_name":"gosa-plugin-ssh"},{"binary_version":"2.7.4+reloaded2-9ubuntu1.1","binary_name":"gosa-plugin-ssh-schema"},{"binary_version":"2.7.4+reloaded2-9ubuntu1.1","binary_name":"gosa-plugin-sudo"},{"binary_version":"2.7.4+reloaded2-9ubuntu1.1","binary_name":"gosa-plugin-sudo-schema"},{"binary_version":"2.7.4+reloaded2-9ubuntu1.1","binary_name":"gosa-plugin-systems"},{"binary_version":"2.7.4+reloaded2-9ubuntu1.1","binary_name":"gosa-plugin-uw-imap"},{"binary_version":"2.7.4+reloaded2-9ubuntu1.1","binary_name":"gosa-plugin-webdav"},{"binary_version":"2.7.4+reloaded2-9ubuntu1.1","binary_name":"gosa-schema"}]},"database_specific":{"cves_map":{"cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2018-1000528"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2019-11187"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2019-14466"}],"ecosystem":"Ubuntu:16.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4609-1.json"}}],"schema_version":"1.7.5"}