1. Ubuntu Security Notices
  2. USN-5271-1

USN-5271-1: Adminer vulnerabilities

Publication date

3 June 2022

Overview

Several security issues were fixed in Adminer.

Releases

Packages

  • adminer - Web-based database administration tool

Details

It was discovered that Adminer did not escape data in the history parameter
of the default URI. A remote attacker could possibly use this issue to perform
cross-site scripting (XSS) attacks. This issue only affected Ubuntu 20.04 ESM.
(CVE-2020-35572)

Adam Crosser and Brian Sizemore discovered that Adminer incorrectly handled
redirection requests to internal servers. An unauthenticated remote attacker
could possibly use this to perform a server-side request forgery attack and
expose sensitive information. (CVE-2021-21311)

It was discovered that Adminer was incorrectly escaping data in the doc_link
function. A remote attacker could possibly use this issue to perform cross-site
scripting (XSS) attacks. This issue only affected Ubuntu 18.04 ESM and
Ubuntu 20.04 ESM. (CVE-2021-29625)

It was discovered that Adminer did not escape data in the history parameter
of the default URI. A remote attacker could possibly use this issue to perform
cross-site scripting (XSS) attacks. This issue only affected Ubuntu 20.04 ESM.
(CVE-2020-35572)

Adam Crosser and Brian Sizemore discovered that Adminer incorrectly handled
redirection requests to internal servers. An unauthenticated remote attacker
could possibly use this to perform a server-side request forgery attack and
expose sensitive information. (CVE-2021-21311)

It was discovered that Adminer was incorrectly escaping data in the doc_link
function. A remote attacker could possibly use this issue to perform cross-site
scripting (XSS) attacks. This issue only affected Ubuntu 18.04 ESM and
Ubuntu 20.04 ESM. (CVE-2021-29625)

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
20.04 LTS focal adminer –  4.7.6-1ubuntu0.1~esm1  
18.04 LTS bionic adminer –  4.6.2-1ubuntu0.1~esm1  
16.04 LTS xenial adminer –  4.2.1-1ubuntu1+esm1  

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›