Candidate: CVE-2019-18346
PublicDate: 2019-12-04 18:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18346
 https://hackdefense.com/publications/cve-2019-18346-davical-caldav-server-vulnerability/
 https://gitlab.com/davical-project/davical/blob/master/ChangeLog
 https://www.davical.org/
Description:
 A CSRF issue was discovered in DAViCal through 1.1.8. If an authenticated
 user visits an attacker-controlled webpage, the attacker can send arbitrary
 requests in the name of the user to the application. If the attacked user
 is an administrator, the attacker could for example add a new admin user.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.8 HIGH]

Patches_davical:
upstream_davical: released (1.1.9.2-1)
precise/esm_davical: DNE
trusty_davical: ignored (out of standard support)
trusty/esm_davical: DNE
xenial_davical: ignored (end of standard support, was needed)
bionic_davical: needed
disco_davical: ignored (reached end-of-life)
eoan_davical: ignored (reached end-of-life)
focal_davical: not-affected (1.1.9.2-1)
groovy_davical: not-affected (1.1.9.2-1)
hirsute_davical: not-affected (1.1.9.2-1)
impish_davical: not-affected (1.1.9.2-1)
jammy_davical: not-affected (1.1.9.2-1)
devel_davical: not-affected (1.1.9.2-1)