[Bug 1197036] New: VUL-0: CVE-2022-0813: phpMyAdmin: sensitive information with invalid requests through the lang parameter, the pma_parameter, and the cookie section
http://bugzilla.opensuse.org/show_bug.cgi?id=1197036

Bug ID: 1197036
Summary: VUL-0: CVE-2022-0813: phpMyAdmin: sensitive information with invalid requests through the lang parameter, the pma_parameter, and the cookie section
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.4
Hardware: Other
URL: https://smash.suse.de/issue/325919/
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: chris@computersalat.de
Reporter: thomas.leroy@suse.com
QA Contact: security-team@suse.de
Found By: Security Response Team
Blocker: ---

CVE-2022-0813

PhpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially sensitive information by creating invalid requests. This affects the lang parameter, the pma_parameter, and the cookie section.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0813
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0813
https://www.phpmyadmin.net/news/2022/2/11/phpmyadmin-4910-and-513-are-releas...
https://www.incibe-cert.es/en/early-warning/security-advisories/phpmyadmin-e...

--
You are receiving this mail because:
You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1197036#c1

--- Comment #1 from Thomas Leroy <thomas.leroy@suse.com> ---
Should be affected:
- openSUSE:Backports:SLE-15-SP3
- openSUSE:Backports:SLE-15-SP3:Update
- openSUSE:Backports:SLE-15-SP4
http://bugzilla.opensuse.org/show_bug.cgi?id=1197036#c2

Christian Wittmer <chris@computersalat.de> changed:

    What     | Removed | Added
    ---------------------------------
    Status   | NEW     | IN_PROGRESS

--- Comment #2 from Christian Wittmer <chris@computersalat.de> ---
already fixed in server:php:applications
Maintenance update prepared
http://bugzilla.opensuse.org/show_bug.cgi?id=1197036#c3

Andreas Stieger <Andreas.Stieger@gmx.de> changed:

    What     | Removed                | Added
    --------------------------------------------------------------------------------
    CC       |                        | Andreas.Stieger@gmx.de, chris@computersalat.de
    Assignee | chris@computersalat.de | ecsos@schirra.net

--- Comment #3 from Andreas Stieger <Andreas.Stieger@gmx.de> ---
Bug 1197036 never seems to have been submitted. Bug 1208186 was fixed in SR#1063734.
Eric, would you like to add "boo#1208186" to the changelog and submit both of these into Maintenance?
TIA, otherwise let me know if you need help.
http://bugzilla.opensuse.org/show_bug.cgi?id=1197036#c4

Andreas Stieger <Andreas.Stieger@gmx.de> changed:

    What     | Removed           | Added
    ---------------------------------------------------
    CC       |                   | ecsos@schirra.net
    Assignee | ecsos@schirra.net | security-team@suse.de

--- Comment #4 from Andreas Stieger <Andreas.Stieger@gmx.de> ---
submitted
http://bugzilla.opensuse.org/show_bug.cgi?id=1197036#c5

--- Comment #5 from OBSbugzilla Bot <bwiedemann+obsbugzillabot@suse.com> ---
This is an autogenerated message for OBS integration:
This bug (1197036) was mentioned in
https://build.opensuse.org/request/show/1065584 Backports:SLE-15-SP4 / phpMyAdmin
http://bugzilla.opensuse.org/show_bug.cgi?id=1197036#c6

Andreas Stieger <Andreas.Stieger@gmx.de> changed:

    What       | Removed     | Added
    -------------------------------------
    Status     | IN_PROGRESS | RESOLVED
    Resolution | ---         | FIXED

--- Comment #6 from Andreas Stieger <Andreas.Stieger@gmx.de> ---
done