Candidate: CVE-2016-2039 PublicDate: 2016-02-20 01:59:00 UTC References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2039 https://www.phpmyadmin.net/security/PMASA-2016-2/ Description: libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value. Ubuntu-Description: Notes: Bugs: Priority: medium Discovered-by: Emanuel Bronshtein Assigned-to: CVSS: nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N [5.3 MEDIUM] Patches_phpmyadmin: upstream: https://github.com/phpmyadmin/phpmyadmin/commit/6fe54dfa000dd6f43f237e859781fad7111ac1bd (4.0) upstream: https://github.com/phpmyadmin/phpmyadmin/commit/91638c04d1f2c3977560a5b9db3ac3879a38691b (4.4) upstream: https://github.com/phpmyadmin/phpmyadmin/commit/13384f7f47dadb02cfe950af0413c7d3e136df8e (4.4) upstream: https://github.com/phpmyadmin/phpmyadmin/commit/f20970d32c3dfdf82aef7b6c244da1f769043813 (4.5) upstream: https://github.com/phpmyadmin/phpmyadmin/commit/cb7748ac9cffcd1cd0f3081499cd4aafa9d1065e (4.5) upstream_phpmyadmin: released (4:4.5.4-1) precise_phpmyadmin: ignored (reached end-of-life) precise/esm_phpmyadmin: DNE (precise was needed) trusty_phpmyadmin: ignored (out of standard support) trusty/esm_phpmyadmin: needed vivid_phpmyadmin: ignored (reached end-of-life) vivid/stable-phone-overlay_phpmyadmin: DNE vivid/ubuntu-core_phpmyadmin: DNE wily_phpmyadmin: ignored (reached end-of-life) xenial_phpmyadmin: not-affected (4:4.5.4-1) yakkety_phpmyadmin: not-affected (4:4.5.4-1) zesty_phpmyadmin: not-affected (4:4.5.4-1) artful_phpmyadmin: not-affected (4:4.5.4-1) bionic_phpmyadmin: not-affected (4:4.5.4-1) cosmic_phpmyadmin: not-affected (4:4.5.4-1) disco_phpmyadmin: not-affected (4:4.5.4-1) eoan_phpmyadmin: DNE focal_phpmyadmin: not-affected (4:4.5.4-1) groovy_phpmyadmin: not-affected (4:4.5.4-1) hirsute_phpmyadmin: not-affected (4:4.5.4-1) impish_phpmyadmin: not-affected (4:4.5.4-1) jammy_phpmyadmin: not-affected (4:4.5.4-1) devel_phpmyadmin: not-affected (4:4.5.4-1)