CVE-2023-3978
Publication date 2 August 2023
Last updated 24 July 2024
Ubuntu priority
Cvss 3 Severity Score
Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.
Status
Package | Ubuntu Release | Status |
---|---|---|
containerd | 24.04 LTS noble |
Not affected
|
22.04 LTS jammy |
Not affected
|
|
20.04 LTS focal |
Not affected
|
|
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Ignored end of standard support | |
golang-golang-x-net | 24.04 LTS noble |
Needs evaluation
|
22.04 LTS jammy |
Needs evaluation
|
|
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Ignored end of standard support | |
16.04 LTS xenial | Ignored end of standard support | |
14.04 LTS trusty | Ignored end of standard support | |
golang-golang-x-net-dev | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal |
Needs evaluation
|
|
18.04 LTS bionic |
Needs evaluation
|
|
16.04 LTS xenial |
Needs evaluation
|
|
14.04 LTS trusty | Ignored end of standard support | |
google-guest-agent | 24.04 LTS noble |
Not affected
|
22.04 LTS jammy |
Not affected
|
|
20.04 LTS focal |
Not affected
|
|
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Not in release |
Notes
alexmurray
google-guest-agent contains a vendored copy of golang-golang-x-net
mdeslaur
containerd contains a vendored copy of golang-golang-x-net google-guest-agent does not contain the render.go file containerd does not contain the render.go file
Severity score breakdown
Parameter | Value |
---|---|
Base score | 6.1 · Medium |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Changed |
Confidentiality | Low |
Integrity impact | Low |
Availability impact | None |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |