Detections
Analytics

Debian DLA-2269-1 : wordpress security update

medium Nessus Plugin ID 138062

Language:

Synopsis

The remote Debian host is missing a security update.

Description

Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform various Cross-Side Scripting (XSS) attacks, create open redirects, escalate privileges, and bypass authorization access.

CVE-2020-4046

In affected versions of WordPress, users with low privileges (like contributors and authors) can use the embed block in a certain way to inject unfiltered HTML in the block editor. When affected posts are viewed by a higher privileged user, this could lead to script execution in the editor/wp-admin.

CVE-2020-4047

In affected versions of WordPress, authenticated users with upload permissions (like authors) are able to inject JavaScript into some media file attachment pages in a certain way. This can lead to script execution in the context of a higher privileged user when the file is viewed by them.

CVE-2020-4048

In affected versions of WordPress, due to an issue in wp_validate_redirect() and URL sanitization, an arbitrary external link can be crafted leading to unintended/open redirect when clicked.

CVE-2020-4049

In affected versions of WordPress, when uploading themes, the name of the theme folder can be crafted in a way that could lead to JavaScript execution in /wp-admin on the themes page. This does require an admin to upload the theme, and is low severity self-XSS.

CVE-2020-4050

In affected versions of WordPress, misuse of the `set-screen-option` filter's return value allows arbitrary user meta fields to be saved.
It does require an admin to install a plugin that would misuse the filter. Once installed, it can be leveraged by low privileged users.

For Debian 8 'Jessie', these problems have been fixed in version 4.1.31+dfsg-0+deb8u1.

We recommend that you upgrade your wordpress packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Upgrade the affected packages.

See Also

https://lists.debian.org/debian-lts-announce/2020/07/msg00000.html

https://packages.debian.org/source/jessie/wordpress

Plugin Details

Severity: Medium

ID: 138062

File Name: debian_DLA-2269.nasl

Version: 1.5

Type: local

Agent: unix

Published: 7/2/2020

Updated: 3/4/2024

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 6

Temporal Score: 4.4

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P

CVSS Score Source: CVE-2020-4050

CVSS v3

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2020-4047

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:wordpress-theme-twentythirteen, p-cpe:/a:debian:debian_linux:wordpress, p-cpe:/a:debian:debian_linux:wordpress-l10n, p-cpe:/a:debian:debian_linux:wordpress-theme-twentyfourteen, cpe:/o:debian:debian_linux:8.0, p-cpe:/a:debian:debian_linux:wordpress-theme-twentyfifteen

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Patch Publication Date: 7/1/2020

Vulnerability Publication Date: 6/12/2020

Reference Information

CVE: CVE-2020-4046, CVE-2020-4047, CVE-2020-4048, CVE-2020-4049, CVE-2020-4050