CVE-2021-3731
Publication date 23 August 2021
Last updated 24 July 2024
Ubuntu priority
LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. This allows an attacker to trick a targetted user to execute unintended actions.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| ledgersmb | 24.10 oracular |
Needs evaluation
|
| 24.04 LTS noble |
Needs evaluation
|
|
| 22.04 LTS jammy |
Needs evaluation
|
|
| 20.04 LTS focal |
Fixed 1.6.9+ds-1ubuntu0.1
|
|
| 18.04 LTS bionic |
Needs evaluation
|
|
| 16.04 LTS xenial |
Needs evaluation
|
|
| 14.04 LTS trusty | Not in release |
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
4.7 · Medium
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Changed |
| Confidentiality | None |
| Integrity impact | Low |
| Availability impact | None |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N |
References
Related Ubuntu Security Notices (USN)
- USN-5097-1
- LedgerSMB vulnerabilities
- 30 September 2021