[Bug 1195018] New: VUL-0: CVE-2022-23808: phpMyAdmin: Multiple XSS and HTML injection attacks in setup script (PMASA-2022-2)
http://bugzilla.opensuse.org/show_bug.cgi?id=1195018

Bug ID: 1195018
Summary: VUL-0: CVE-2022-23808: phpMyAdmin: Multiple XSS and HTML injection attacks in setup script (PMASA-2022-2)
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.3
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: chris@computersalat.de
Reporter: Andreas.Stieger@gmx.de
QA Contact: security-team@suse.de
CC: chris@computersalat.de, lang@b1-systems.de
Found By: ---
Blocker: ---

It was discovered that phpMyAdmin versions prior to 5.1.2 are vulnerable to multiple XSS and HTML injection attacks in setup script.

A series of weaknesses has been discovered that could allow an attacker to inject malicious code into aspects of the setup script, which can allow XSS or HTML injection.

Considered moderate upstream.
If a configuration file config.inc.php exists these issues are mitigated.

References:
https://www.phpmyadmin.net/security/PMASA-2022-2/
https://github.com/phpmyadmin/phpmyadmin/commit/5118acce1dfcdb09cbc0f73927bf...
https://github.com/phpmyadmin/phpmyadmin/commit/44eb12f15a562718bbe54c9a16af...

--
You are receiving this mail because:
You are on the CC list for the bug.

http://bugzilla.opensuse.org/show_bug.cgi?id=1195018

Andreas Stieger <Andreas.Stieger@gmx.de> changed:

What      |Removed                     |Added
----------------------------------------------------------------------------
CC        |                            |ecsos@schirra.net
Assignee  |chris@computersalat.de      |ecsos@schirra.net

http://bugzilla.opensuse.org/show_bug.cgi?id=1195018
http://bugzilla.opensuse.org/show_bug.cgi?id=1195018#c1

Eric Schirra <ecsos@schirra.net> changed:

What      |Removed                     |Added
----------------------------------------------------------------------------
Status    |NEW                         |CONFIRMED

--- Comment #1 from Eric Schirra <ecsos@schirra.net> ---
Request is on the way.

http://bugzilla.opensuse.org/show_bug.cgi?id=1195018
http://bugzilla.opensuse.org/show_bug.cgi?id=1195018#c2

Eric Schirra <ecsos@schirra.net> changed:

What      |Removed                     |Added
----------------------------------------------------------------------------
Status    |CONFIRMED                   |RESOLVED
Resolution|---                         |FIXED

--- Comment #2 from Eric Schirra <ecsos@schirra.net> ---
Tumbleweed is on 5.1.3.
And Leap is on 4.9.8.

http://bugzilla.opensuse.org/show_bug.cgi?id=1195018
http://bugzilla.opensuse.org/show_bug.cgi?id=1195018#c3

Andreas Stieger <Andreas.Stieger@gmx.de> changed:

What      |Removed                     |Added
----------------------------------------------------------------------------
Status    |RESOLVED                    |REOPENED
Version   |Leap 15.3                   |Leap 15.4
Resolution|FIXED                       |---

--- Comment #3 from Andreas Stieger <Andreas.Stieger@gmx.de> ---
Not fixed in openSUSE:Backports:SLE-15-SP4:Update/phpMyAdmin

http://bugzilla.opensuse.org/show_bug.cgi?id=1195018
http://bugzilla.opensuse.org/show_bug.cgi?id=1195018#c4

Andreas Stieger <Andreas.Stieger@gmx.de> changed:

What      |Removed                     |Added
----------------------------------------------------------------------------
Status    |REOPENED                    |IN_PROGRESS
CC        |                            |Andreas.Stieger@gmx.de
Assignee  |ecsos@schirra.net           |security-team@suse.de

--- Comment #4 from Andreas Stieger <Andreas.Stieger@gmx.de> ---
submitted

http://bugzilla.opensuse.org/show_bug.cgi?id=1195018
http://bugzilla.opensuse.org/show_bug.cgi?id=1195018#c5

--- Comment #5 from OBSbugzilla Bot <bwiedemann+obsbugzillabot@suse.com> ---
This is an autogenerated message for OBS integration:
This bug (1195018) was mentioned in
https://build.opensuse.org/request/show/1065584 Backports:SLE-15-SP4 / phpMyAdmin

http://bugzilla.opensuse.org/show_bug.cgi?id=1195018
http://bugzilla.opensuse.org/show_bug.cgi?id=1195018#c6

Andreas Stieger <Andreas.Stieger@gmx.de> changed:

What      |Removed                     |Added
----------------------------------------------------------------------------
Status    |IN_PROGRESS                 |RESOLVED
Resolution|---                         |FIXED

--- Comment #6 from Andreas Stieger <Andreas.Stieger@gmx.de> ---
done