Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!Close

CVE-2022-24729

Published: 16 March 2022

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser tab freeze. A patch is available in version 4.18.0. There are currently no known workarounds.

Notes

AuthorNote
sbeattie
embedded copies of ckeditor are in ldap-account-manager,
rt4, and rt5

Priority

Low

Cvss 3 Severity Score

7.5

Score breakdown

Status

Package Release Status
request-tracker4
Launchpad, Ubuntu, Debian
kinetic Ignored
(end of life, was needs-triage)
bionic Needs triage

focal Needs triage

lunar Needs triage

trusty Does not exist

upstream Needs triage

xenial Needs triage

jammy Needs triage

impish Ignored
(end of life)
mantic Needs triage

ckeditor
Launchpad, Ubuntu, Debian
bionic Needs triage

focal Needs triage

impish Ignored
(end of life)
lunar Needs triage

trusty Does not exist

upstream Needs triage

xenial Needs triage

jammy Needs triage

kinetic Ignored
(end of life, was needs-triage)
mantic Needs triage

ckeditor3
Launchpad, Ubuntu, Debian
bionic Needs triage

focal Needs triage

impish Ignored
(end of life)
lunar Needs triage

trusty Does not exist

upstream Needs triage

xenial Ignored
(end of standard support)
jammy Needs triage

kinetic Ignored
(end of life, was needs-triage)
mantic Needs triage

ldap-account-manager
Launchpad, Ubuntu, Debian
bionic Needs triage

focal Needs triage

impish Ignored
(end of life)
lunar Needs triage

trusty Does not exist

upstream Needs triage

xenial Needs triage

jammy Needs triage

kinetic Ignored
(end of life, was needs-triage)
mantic Needs triage

Severity score breakdown

Parameter Value
Base score 7.5
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Scope Unchanged
Confidentiality None
Integrity impact None
Availability impact High
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H