{"id":"USN-4693-1","summary":"ampache vulnerabilities","details":"It was discovered that an SQL injection vulnerability exists in the Ampache\nsearch engine. Any user able to perform searches could dump any data contained\nin the database. An attacker could use this to disclose sensitive information.\n(CVE-2019-12385)\n\nIt was discovered that an XSS vulnerability exists in Ampache. An attacker could use\nthis vulnerability to force an admin to create a new privileged user.\n(CVE-2019-12386)\n","modified":"2026-02-10T04:42:02Z","published":"2021-01-14T21:13:09Z","related":["UBUNTU-CVE-2019-12385","UBUNTU-CVE-2019-12386"],"upstream":["CVE-2019-12385","CVE-2019-12386","UBUNTU-CVE-2019-12385","UBUNTU-CVE-2019-12386"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-4693-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-12385"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-12386"}],"affected":[{"package":{"name":"ampache","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/ampache@3.6-rzb2779+dfsg-0ubuntu9.2?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.6-rzb2779+dfsg-0ubuntu9.2"}]}],"versions":["3.6-rzb2779+dfsg-0ubuntu5","3.6-rzb2779+dfsg-0ubuntu6","3.6-rzb2779+dfsg-0ubuntu7","3.6-rzb2779+dfsg-0ubuntu8","3.6-rzb2779+dfsg-0ubuntu9","3.6-rzb2779+dfsg-0ubuntu9.1"],"ecosystem_specific":{"binaries":[{"binary_name":"ampache","binary_version":"3.6-rzb2779+dfsg-0ubuntu9.2"},{"binary_name":"ampache-common","binary_version":"3.6-rzb2779+dfsg-0ubuntu9.2"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"cves":[{"id":"CVE-2019-12385","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2019-12386","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:16.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4693-1.json"}}],"schema_version":"1.7.3"}