CVE-2022-24729 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.5 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
GitHub_M	CNA	6.5 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 62%

Vendor	Product	Version
ckeditor	ckeditor	4.0 ≤ 𝑥 < 4.18.0
drupal	drupal	8.0.0 ≤ 𝑥 < 9.2.15
drupal	drupal	9.3.0 ≤ 𝑥 < 9.3.8
oracle	application_express	𝑥 < 22.1.1
oracle	commerce_merchandising	11.3.2
oracle	financial_services_analytical_applications_infrastructure	8.0.7.0.0 ≤ 𝑥 ≤ 8.1.0.0.0
oracle	financial_services_analytical_applications_infrastructure	8.1.1.0
oracle	financial_services_analytical_applications_infrastructure	8.1.2.0
oracle	financial_services_analytical_applications_infrastructure	8.1.2.1
oracle	financial_services_behavior_detection_platform	8.1.1.0 ≤ 𝑥 ≤ 8.1.2.1
oracle	financial_services_behavior_detection_platform	8.0.7.0
oracle	financial_services_behavior_detection_platform	8.0.8.0
oracle	financial_services_trade-based_anti_money_laundering	8.0.7
oracle	financial_services_trade-based_anti_money_laundering	8.0.8
oracle	peoplesoft_enterprise_peopletools	8.58
oracle	peoplesoft_enterprise_peopletools	8.59

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

ckeditor

bullseye	no-dsa
buster	no-dsa
bookworm	4.19.1+dfsg-1 no-dsa
sid	4.22.1+dfsg1-2 fixed
trixie	4.22.1+dfsg1-2 fixed

ckeditor3

bookworm	no-dsa
bullseye	no-dsa
sid	vulnerable
trixie	vulnerable
buster	no-dsa

Ubuntu Releases

Ubuntu Product

Codename

ckeditor

noble	needs-triage
mantic	ignored
lunar	ignored
kinetic	ignored
jammy	needs-triage
impish	ignored
focal	needs-triage
bionic	needs-triage
xenial	needs-triage
trusty	dne

ckeditor3

noble	needs-triage
mantic	ignored
lunar	ignored
kinetic	ignored
jammy	needs-triage
impish	ignored
focal	needs-triage
bionic	needs-triage
xenial	ignored
trusty	dne

ldap-account-manager

noble	needs-triage
mantic	ignored
lunar	ignored
kinetic	ignored
jammy	needs-triage
impish	ignored
focal	needs-triage
bionic	needs-triage
xenial	needs-triage
trusty	dne

request-tracker4

noble	needs-triage
mantic	ignored
lunar	ignored
kinetic	ignored
jammy	needs-triage
impish	ignored
focal	needs-triage
bionic	needs-triage
xenial	needs-triage
trusty	dne

Common Weakness Enumeration

CWE-400 - Uncontrolled Resource Consumption
The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
CWE-1333 - Inefficient Regular Expression Complexity
The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.

References

https://ckeditor.com/cke4/release/CKEditor-4.18.0

https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-f6rf-9m92-x2hh

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP/

https://www.drupal.org/sa-core-2022-005

https://www.oracle.com/security-alerts/cpujul2022.html

https://ckeditor.com/cke4/release/CKEditor-4.18.0

https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-f6rf-9m92-x2hh

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP/

https://www.drupal.org/sa-core-2022-005

https://www.oracle.com/security-alerts/cpujul2022.html