CVE-2022-24728
Publication date 16 March 2022
Last updated 6 February 2025
Ubuntu priority
Cvss 3 Severity Score
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. This problem has been patched in version 4.18.0. There are currently no known workarounds.
Status
Package | Ubuntu Release | Status |
---|---|---|
ckeditor | 24.10 oracular |
Not affected
|
24.04 LTS noble |
Not affected
|
|
22.04 LTS jammy |
Fixed 4.16.2+dfsg-1ubuntu0.1~esm1
|
|
20.04 LTS focal |
Fixed 4.12.1+dfsg-1ubuntu0.1+esm1
|
|
18.04 LTS bionic |
Fixed 4.5.7+dfsg-2ubuntu0.18.04.1+esm1
|
|
16.04 LTS xenial |
Fixed 4.5.7+dfsg-2ubuntu0.16.04.1~esm2
|
|
14.04 LTS trusty | Not in release | |
ckeditor3 | 24.10 oracular |
Needs evaluation
|
24.04 LTS noble |
Needs evaluation
|
|
22.04 LTS jammy |
Needs evaluation
|
|
20.04 LTS focal |
Needs evaluation
|
|
18.04 LTS bionic |
Needs evaluation
|
|
16.04 LTS xenial | Ignored end of standard support | |
14.04 LTS trusty | Not in release | |
ldap-account-manager | 24.10 oracular |
Needs evaluation
|
24.04 LTS noble |
Needs evaluation
|
|
22.04 LTS jammy |
Needs evaluation
|
|
20.04 LTS focal |
Needs evaluation
|
|
18.04 LTS bionic |
Needs evaluation
|
|
16.04 LTS xenial |
Needs evaluation
|
|
14.04 LTS trusty | Not in release | |
request-tracker4 | 24.10 oracular |
Needs evaluation
|
24.04 LTS noble |
Needs evaluation
|
|
22.04 LTS jammy |
Needs evaluation
|
|
20.04 LTS focal |
Needs evaluation
|
|
18.04 LTS bionic |
Needs evaluation
|
|
16.04 LTS xenial |
Needs evaluation
|
|
14.04 LTS trusty | Not in release |
Get expanded security coverage with Ubuntu Pro
Reduce your average CVE exposure time from 98 days to 1 day with expanded CVE patching, ten-years security maintenance and optional support for the full stack of open-source applications. Free for personal use.
Get Ubuntu ProNotes
Severity score breakdown
Parameter | Value |
---|---|
Base score |
|
Attack vector | Network |
Attack complexity | Low |
Privileges required | Low |
User interaction | Required |
Scope | Changed |
Confidentiality | Low |
Integrity impact | Low |
Availability impact | None |
Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
References
Related Ubuntu Security Notices (USN)
- USN-7258-1
- CKEditor vulnerabilities
- 6 February 2025