CVE-2019-13345 (retired)

Priority
Description
The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_name
or auth parameter.
Assigned-to
mdeslaur
Package
Source: squid (LP Ubuntu Debian)
Upstream:released (4.8)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):released (4.4-1ubuntu2.1)
Ubuntu 19.10 (Eoan):released (4.6-2ubuntu4)
Patches:
Upstream:https://github.com/squid-cache/squid/commit/be1dc8614e7514103ba84d4067ed6fd15ab8f82e (4.x)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):released (3.1.19-1ubuntu3.12.04.9)
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (3.5.12-1ubuntu7.7)
Ubuntu 18.04 LTS (Bionic Beaver):released (3.5.27-1ubuntu1.2)
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Patches:
Upstream:https://github.com/squid-cache/squid/commit/5730c2b5cb56e7639dc423dd62651c8736a54e35 (3.5)
More Information

Updated: 2019-07-19 19:14:54 UTC (commit 1b46622dfa9ba217ce37e413f84e9bf1847514bc)