Dotnetnuke 6.0.x < 9.11.0 Multiple Vulnerabilities (09.11.00)

critical Nessus Plugin ID 165701

Synopsis

An ASP.NET application running on the remote web server is affected by multiple vulnerabilities.

Description

According to its self-reported version, the instance of Dotnetnuke running on the remote web server is 6.0.x prior to 9.11.0. It is, therefore, affected by multiple vulnerabilities.

- A third-party dependency, Moment.js, published security updates to their library. Fixes for the Issue DNN Platform 9.11.0 upgrades this dependency to the latest version resolving all known security issues with this dependency at the time of release. Affected Versions 9.0.0 - 9.10.2 (2022-01)

- DNN Platform utilizes a third-party WYSIWYG editor called CKEditor, this editor published numerous high- priority security issues. Fixes for the issue DNN Platform 9.11.0 has updated to CKE Version 4.18.0 and removed certain plugins to address various security bulletins. If you use other plugins than the provided ones, we suggest you check if they have updates available. Affected Versions. 8.0.0 - 9.10.2 (2022-02)

- An issue existed where an authenticated user could craft a data payload allowing arbitrary execution of JavaScript code on a page of an installation in certain configurations. Fixes for the Issue DNN Platform 9.11.0 introduced changes to the affected areas ensuring that all data display, as well as storage, is protected. Affected Versions 7.0.0 - 9.10.2 (2022-03)

- A malicious user could craft a request that would execute a XSS payload within the Digital Assets Manager.
Fix for the Issue The Digital Assets Manager module was removed from all installations in 9.11.0. Users that removed the Digital Asset Manager from older installations are protected from this issue. Affected versions 7.0.0 - 9.10.2 (2022-04)

- jQuery and jQuery UI are utilized by DNN Platform, and both published multiple security bulletins. Fixes for the Issue JQuery and jQuery UI were updated to the latest versions in 9.11.0 Affected Versions 8.0.0 - 9.10.2 (2022-05)

- DNN Platform distributed a third-party extension for an editor that allowed a possible redirect to an untrusted destination. Fixes for the issue. The affected component was removed from DNN platform in version 9.11.0 Affected Versions 8.0.0 - 9.10.2 (2022-06)

- DNN Platform utilizes KnockoutJS for portions of administrative functionality and new security vulnerabilities were noted by the publisher of the library. Fixes for the Issue DNN Platform 9.11.0 was updated to the latest version of knockout Affected Versions 9.0.0 - 9.10.2 (2022-07)

- A DNN administrator functionally was erroneously allowing a stored credential to be viewable by other administrators. Fixes for issue DNN Platform 9.11.0 updated the interfaces to ensure no prior stored credentials could be viewed. Affected Versions 9.0.0 - 9.10.2 (2022-08)

- DNN Platform uses Newtonsoft JSON for api serialization and the makers of this library published a high- priority security bulletin. Fixes for the Issue DNN Platform 9.11.0 was updated to the latest version.
Affected Versions 6.0.0 - 9.10.2 (2022-09)

- DNN Platform distributed and used SharpZipLib to provide File Compression functionality. The makers of this library published a high-priority security bulletin. Fixes for the Issue DNN Platform 9.11.0 was updated to the latest version. Affected Versions 6.0.0 - 9.10.2 (2022-10)

- DNN Platform uses log4net for application logging and the makers of this library published a high priority security bulletin. Fixes for the Issue DNN Platform 9.11.0 was updated to the latest version. Affected Versions 6.0.0 - 9.10.2 (2022-11)

- It was possible for a SuperUser to craft a request to obtain the contents of an arbitrary file in any directory of the DNN Platform installation. Fixes for the issue DNN Platform version 9.11.0 addressed this issue Affected Versions 9.0.0 - 9.10.2 (2022-12)

- It was possible with a customized authentication provider to circumvent the logic traditionally completed upon application logging following a specific sequence of access. Fixes for the issue This issue was addressed in 9.11.0 by adjusting process flows. Affected Versions 7.4.2 - 9.10.2 (2022-13)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Dotnetnuke version 9.11.0 or later.

Plugin Details

Severity: Critical

ID: 165701

File Name: dotnetnuke_9_11_0.nasl

Version: 1.3

Type: remote

Family: CGI abuses

Published: 10/5/2022

Updated: 6/5/2024

Configuration: Enable thorough checks

Supported Sensors: Nessus

Enable CGI Scanning: true

Risk Information

CVSS Score Rationale: Score based on analysis of the vendor advisory.

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS Score Source: manual

CVSS v3

Risk Factor: Critical

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Vulnerability Information

CPE: cpe:/a:dotnetnuke:dotnetnuke

Required KB Items: installed_sw/DNN

Excluded KB Items: Settings/disable_cgi_scanning

Patch Publication Date: 9/28/2022

Vulnerability Publication Date: 9/28/2022