CVE-2021-32808

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 12-08-2021 07:15

Last modified: - 28-02-2022 03:44

Total changes: - 8

Description

ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allows a user to abuse undo functionality using malformed widget HTML, which could result in executing JavaScript code. It affects all users using the CKEditor 4 plugins listed above at version >= 4.13.0. The problem has been recognized and patched. The fix will be available in version 4.16.2.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Low

Attack complexity

Network

Attack vector

None

Availability

Low

Confidentiality

Low

Integrity

Low

Privileges required

Changed

Scope

Required

User interaction

5.4

Base score

2.3

2.7

Exploitability score

Impact score

Verification logic

vendor=ckeditor AND product=ckeditor AND target_software=node.js AND versionStartIncluding=4.13.0 AND versionEndExcluding=4.16.2

vendor=fedoraproject AND product=fedora AND version=33

vendor=fedoraproject AND product=fedora AND version=34

vendor=fedoraproject AND product=fedora AND version=35

vendor=oracle AND product=application_express AND versionEndExcluding=21.1.4

vendor=oracle AND product=banking_party_management AND version=2.7.0

vendor=oracle AND product=commerce_guided_search AND version=11.3.2

vendor=oracle AND product=commerce_merchandising AND version=11.3.2

vendor=oracle AND product=documaker AND version=12.6.3

vendor=oracle AND product=documaker AND version=12.6.4

vendor=oracle AND product=financial_services_analytical_applications_infrastructure AND versionEndIncluding=8.1.1 AND versionStartIncluding=8.0.7

vendor=oracle AND product=financial_services_model_management_and_governance AND version=8.0.8.0.0

vendor=oracle AND product=financial_services_model_management_and_governance AND version=8.1.0.0.0

vendor=oracle AND product=jd_edwards_enterpriseone_tools AND versionEndIncluding=9.2.6.0

vendor=oracle AND product=peoplesoft_enterprise_peopletools AND version=8.57

vendor=oracle AND product=peoplesoft_enterprise_peopletools AND version=8.58

vendor=oracle AND product=peoplesoft_enterprise_peopletools AND version=8.59

vendor=oracle AND product=siebel_ui_framework AND versionEndIncluding=21.9

vendor=oracle AND product=webcenter_sites AND version=12.2.1.3.0

vendor=oracle AND product=webcenter_sites AND version=12.2.1.4.0

Reference

https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-6226-h7ff-ch6c
https://github.com/ckeditor/ckeditor4/releases/tag/4.16.2
FEDORA-2021-51457da891-Mailing List, Third Party Advisory
FEDORA-2021-72176a63a8-Mailing List, Third Party Advisory
FEDORA-2021-87578dca12-Mailing List, Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.oracle.com/security-alerts/cpujan2022.html

Keywords

CVE-2021-32808

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2021-32808

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures