Advisories » MGASA-2023-0352

Updated fusiondirectory packages fix security vulnerabilities

Publication date: 19 Dec 2023
Modification date: 19 Dec 2023
Type: security
Affected Mageia releases : 8 , 9
CVE: CVE-2022-36179 , CVE-2022-36180

Description

The updated packages fix security vulnerabilities:
Fusiondirectory 1.3 suffers from Improper Session Handling.
(CVE-2022-36179)
Fusiondirectory 1.3 is vulnerable to Cross Site Scripting (XSS) via
/fusiondirectory/index.php?message=[injection],
/fusiondirectory/index.php?message=invalidparameter&plug={Injection],
/fusiondirectory/index.php?signout=1&message=[injection]&plug=106.
(CVE-2022-36180)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=32092
• https://www.debian.org/lts/security/2023/dla-3487
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36179
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36180

SRPMS

8/core

• fusiondirectory-1.3.1-1.2.mga8

9/core

• fusiondirectory-1.3.1-1.2.mga9