Ubuntu.comUB:CVE-2022-29221CVE-2022-29221
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
69.6%
Smarty is a template engine for PHP, facilitating the separation of
presentation (HTML/CSS) from application logic. Prior to versions 3.1.45
and 4.1.1, template authors could inject php code by choosing a malicious
{block} name or {include} file name. Sites that cannot fully trust template
authors should upgrade to versions 3.1.45 or 4.1.1 to receive a patch for
this issue. There are currently no known workarounds.
Bugs
- <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011757>
- <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011758>
Notes
| Author | Note |
|---|---|
| ccdm94 | postfixadmin does not contain embedded copies of smarty in trusty and xenial. In bionic, postfixadmin contains an embedded smarty copy at version 3.1.29, while in jammy it contains an embedded copy at version 3.1.33. In lunar and mantic this copy is at version 4.3.0. |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 16.04 | noarch | collabtive | < any | UNKNOWN |
| ubuntu | 16.04 | noarch | galette | < any | UNKNOWN |
| ubuntu | 18.04 | noarch | gosa | < any | UNKNOWN |
| ubuntu | 20.04 | noarch | gosa | < any | UNKNOWN |
| ubuntu | 22.04 | noarch | gosa | < any | UNKNOWN |
| ubuntu | 24.04 | noarch | gosa | < any | UNKNOWN |
| ubuntu | 16.04 | noarch | gosa | < any | UNKNOWN |
| ubuntu | 18.04 | noarch | postfixadmin | < 3.0.2-2ubuntu0.1~esm1 | UNKNOWN |
| ubuntu | 20.04 | noarch | postfixadmin | < 3.2.1-3ubuntu0.1~esm1 | UNKNOWN |
| ubuntu | 22.04 | noarch | postfixadmin | < 3.3.10-2ubuntu0.1~esm1 | UNKNOWN |
References
github.com/smarty-php/smarty/commit/3606c4717ed6348e114a610ff1e446048dcd0345 (v3.1.45)
github.com/smarty-php/smarty/commit/64ad6442ca1da31cefdab5c9874262b702cccddd
github.com/smarty-php/smarty/commit/64ad6442ca1da31cefdab5c9874262b702cccddd (v4.1.1)
github.com/smarty-php/smarty/releases/tag/v3.1.45
github.com/smarty-php/smarty/releases/tag/v4.1.1
github.com/smarty-php/smarty/security/advisories/GHSA-634x-pc3q-cf4c
launchpad.net/bugs/cve/CVE-2022-29221
nvd.nist.gov/vuln/detail/CVE-2022-29221
security-tracker.debian.org/tracker/CVE-2022-29221
ubuntu.com/security/notices/USN-6012-1
ubuntu.com/security/notices/USN-6550-1
www.cve.org/CVERecord?id=CVE-2022-29221
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
69.6%