The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5340-1 advisory.

    Kyaw Min Thein discovered that CKEditor incorrectly handled certain inputs. An attacker could possibly use     this issue to execute arbitrary code. This issue only affects Ubuntu 18.04 LTS. (CVE-2018-9861)

    Micha Bentkowski discovered that CKEditor incorrectly handled certain inputs. An attacker could possibly     use this issue to execute arbitrary code. This issue only affects Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
    (CVE-2020-9281)

    Anton Subbotin discovered that CKEditor incorrectly handled certain inputs. An attacker could possibly use     this issue to execute arbitrary code. This issue only affects Ubuntu 21.10. (CVE-2021-32808)

    Anton Subbotin discovered that CKEditor incorrectly handled certain inputs. An attacker could possibly use     this issue to inject arbitrary code. (CVE-2021-32809)

    Or Sahar discovered that CKEditor incorrectly handled certain inputs. An attacker could possibly use this     issue to execute arbitrary code. This issue only affects Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
    (CVE-2021-33829)

    Mika Kulmala discovered that CKEditor incorrectly handled certain inputs. An attacker could possibly use     this issue to execute arbitrary code. (CVE-2021-37695)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Ubuntu 18.04 LTS / 20.04 LTS : CKEditor vulnerabilities (USN-5340-1)

medium Nessus Plugin ID 159137

Version 1.10

Version 1.9

Version 1.8

Version 1.8

Version 1.7

Version 1.6

Version 1.10 Aug 29, 2024, 4:23 PM CVSS metrics ("Cvssv4 score" set to 0.0) CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:U/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:U/RL:O/RC:C") CVSSv2 severity (based on None, severity decreased from "High" to "Low") Detection (updated detection logic) Plugin metadata Plugin Feed: 202408291623
Version 1.9 Oct 16, 2023, 9:38 PM Detection Plugin metadata Plugin Feed: 202310162138
Version 1.8 Jul 13, 2023, 1:59 AM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:F/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:F/RL:O/RC:C") Detection Exploit attributes ("Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202307130159
Version 1.8 Oct 16, 2023, 7:25 PM Plugin metadata Detection Plugin Feed: 202310161925
Version 1.7 Jan 18, 2023, 9:01 AM Logic Changes (Added support for s390x) Plugin Feed: 202301180901
Version 1.6 Dec 6, 2022, 2:54 AM Reference Plugin Feed: 202212060254