CVE-2019-16391 — MEDIUM (6.5)

Q: How severe is CVE-2019-16391?

CVE-2019-16391 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-16391?

Check the references section above for vendor advisories and patch information. Affected products include: Spip Spip, Canonical Ubuntu Linux, Debian Debian Linux.

Vulnerability Description

SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database. This is related to ecrire/inc/meta.php and ecrire/inc/securiser_action.php.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Spip	Spip	< 3.1.11
Canonical	Ubuntu Linux	18.04
Debian	Debian Linux	8.0

References

https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPatchVendor Advisory
https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPatchVendor Advisory
https://git.spip.net/SPIP/spip/commit/187952ce85e73b52c2753f2d54fc2c44807b8f79PatchVendor Advisory
https://git.spip.net/SPIP/spip/commit/3cbc758400323ab006c00ea78eacdb8f76aa5f66PatchVendor Advisory
https://lists.debian.org/debian-lts-announce/2019/10/msg00038.htmlMailing ListThird Party Advisory
https://seclists.org/bugtraq/2019/Sep/40Mailing ListThird Party Advisory
https://usn.ubuntu.com/4536-1/Third Party Advisory
https://www.debian.org/security/2019/dsa-4532Third Party Advisory
https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPatchVendor Advisory
https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPatchVendor Advisory
https://git.spip.net/SPIP/spip/commit/187952ce85e73b52c2753f2d54fc2c44807b8f79PatchVendor Advisory
https://git.spip.net/SPIP/spip/commit/3cbc758400323ab006c00ea78eacdb8f76aa5f66PatchVendor Advisory
https://lists.debian.org/debian-lts-announce/2019/10/msg00038.htmlMailing ListThird Party Advisory
https://seclists.org/bugtraq/2019/Sep/40Mailing ListThird Party Advisory
https://usn.ubuntu.com/4536-1/Third Party Advisory

FAQ

What is CVE-2019-16391?

CVE-2019-16391 is a vulnerability with a CVSS score of 6.5 (MEDIUM). SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database. This is related to ecrire/inc/meta.php and ecrire...

How severe is CVE-2019-16391?

CVE-2019-16391 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-16391?

Check the references section above for vendor advisories and patch information. Affected products include: Spip Spip, Canonical Ubuntu Linux, Debian Debian Linux.