thunderbird 安全漏洞 (CVE-2021-4352)

admin

0
文章

0
评论

2023-11-29 23:10:52 Ali_nvd 来源：ZONE.CI 全球网 0 阅读模式

thunderbird 安全漏洞 (CVE-2021-4352)

CVE编号

CVE-2021-4352

利用情况

暂无

补丁情况

N/A

披露时间

2023-06-07

漏洞描述

The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the save_locsettings function in versions up to, and including, 1.8.1. This makes it possible for unauthenticated attackers to change the settings of the plugin.

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
https://blog.nintechnet.com/wordpress-jobsearch-wp-job-board-plugin-fixed-vul...
https://wpscan.com/vulnerability/ed7e664e-5a73-4d2d-a599-a0be89d6c2d1
https://www.wordfence.com/threat-intel/vulnerabilities/id/59170f0a-975e-487c-...

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	eyecix	jobsearch_wp_job_board	*		Up to (including) 1.8.1
	运行在以下环境
	系统	amazon_2	thunderbird	*		Up to (excluding) 91.6.0-1.amzn2.0.1
	运行在以下环境
	系统	anolis_os_8	thunderbird	*		Up to (excluding) 91.4.0-2.0.1
	运行在以下环境
	系统	centos_7	thunderbird	*		Up to (excluding) 91.4.0-3.el7_9
	运行在以下环境
	系统	kylinos_aarch64_V10SP1	nss	*		Up to (excluding) 3.54.0-9.p01.ky10
	运行在以下环境
	系统	kylinos_aarch64_V10SP2	nss	*		Up to (excluding) 3.54.0-9.p01.ky10
	运行在以下环境
	系统	kylinos_loongarch64_V10SP1	nss	*		Up to (excluding) 3.54.0-9.a.ky10
	运行在以下环境
	系统	kylinos_loongarch64_V10SP3	nss	*		Up to (excluding) 3.54.0-9.a.ky10
	运行在以下环境
	系统	kylinos_x86_64_V10SP1	nss	*		Up to (excluding) 3.54.0-9.p01.ky10
	运行在以下环境
	系统	kylinos_x86_64_V10SP2	nss	*		Up to (excluding) 3.54.0-9.p01.ky10
	运行在以下环境
	系统	opensuse_Leap_15.2	MozillaThunderbird	*		Up to (excluding) 91.4.0-lp152.2.52.1
	运行在以下环境
	系统	opensuse_Leap_15.3	MozillaThunderbird	*		Up to (excluding) 91.4.0-8.45.2
	运行在以下环境
	系统	oracle_7	oraclelinux-release	*		Up to (excluding) 91.4.0-3.0.1.el7_9
	运行在以下环境
	系统	oracle_8	oraclelinux-release	*		Up to (excluding) 91.4.0-2.0.1.el8_5
	运行在以下环境
	系统	redhat_6	nss	*		Up to (excluding) 0:3.44.0-12.el6_10
	运行在以下环境
	系统	redhat_7	thunderbird	*		Up to (excluding) 91.3.0-2.el7_9