PublicDateAtUSN: 2019-09-17 21:15:00 UTC
Candidate: CVE-2019-16391
PublicDate: 2019-09-17 21:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16391
 https://git.spip.net/SPIP/spip/commit/187952ce85e73b52c2753f2d54fc2c44807b8f79
 https://git.spip.net/SPIP/spip/commit/3cbc758400323ab006c00ea78eacdb8f76aa5f66
 https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html
 https://ubuntu.com/security/notices/USN-4536-1
Description:
 SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors to
 modify any published content and execute other modifications in the
 database. This is related to ecrire/inc/meta.php and
 ecrire/inc/securiser_action.php.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N [6.5 MEDIUM]


Patches_spip:
 upstream: https://git.spip.net/SPIP/spip/commit/187952ce85e73b52c2753f2d54fc2c44807b8f79
 upstream: https://git.spip.net/SPIP/spip/commit/3cbc758400323ab006c00ea78eacdb8f76aa5f66
upstream_spip: released (3.2.5-1)
precise/esm_spip: DNE
trusty_spip: ignored (out of standard support)
trusty/esm_spip: DNE
xenial_spip: ignored (end of standard support, was needed)
bionic_spip: released (3.1.4-4~deb9u3build0.18.04.1)
disco_spip: ignored (reached end-of-life)
eoan_spip: ignored (reached end-of-life)
focal_spip: not-affected (3.2.5-1)
groovy_spip: not-affected (3.2.5-1)
hirsute_spip: not-affected (3.2.5-1)
impish_spip: not-affected (3.2.5-1)
jammy_spip: not-affected (3.2.5-1)
devel_spip: not-affected (3.2.5-1)