Lucene search

Ubuntu.comUB:CVE-2018-20149

HistoryDec 14, 2018 - 12:00 a.m.

CVE-2018-20149

2018-12-1400:00:00

ubuntu.com

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

41.0%

JSON

In WordPress before 4.9.9 and 5.x before 5.0.1, when the Apache HTTP Server
is used, authors could upload crafted files that bypass intended MIME type
restrictions, leading to XSS, as demonstrated by a .jpg file without JPEG
data.

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916403>

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchwordpress< anyUNKNOWN
ubuntu16.04noarchwordpress< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	wordpress	< any	UNKNOWN
ubuntu	16.04	noarch	wordpress	< any	UNKNOWN

References

github.com/WordPress/WordPress/commit/246a70bdbfac3bd45ff71c7941deef1bb206b19a

launchpad.net/bugs/cve/CVE-2018-20149

nvd.nist.gov/vuln/detail/CVE-2018-20149

security-tracker.debian.org/tracker/CVE-2018-20149

wordpress.org/news/2018/12/wordpress-5-0-1-security-release/

www.cve.org/CVERecord?id=CVE-2018-20149

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

41.0%

JSON

Related for UB:CVE-2018-20149