公告ID: KYLIN-2019-13345
安全等级: 中等
产品: Kylin V3
发布日期: 2019年7月5日
CVE: CVE-2019-13345
CVSS3评分: 4.3
概述:
This issue affects the versions of squid as shipped with Kylin Enterprise Linux 5, 6, 7, and 8. Kylin Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Kylin Enterprise Linux Life Cycle: https://access.Kylin.com/support/policy/updates/errata/. Kylin Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Kylin Enterprise Linux Life Cycle: https://access.Kylin.com/support/policy/updates/errata/. 描述:
The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_name or auth parameter. 系统版本:
KYLIN 3.0.x
KYLIN 3.2.x
KYLIN 3.3.x
KYLIN 3.4.x
受影响包列表:
squid
squid
squid
squid