Upstream information

CVE-2024-26482 at MITRE

Description

** DISPUTED ** An HTML injection vulnerability exists in the Edit Content Layout module of Kirby CMS v4.1.0. NOTE: the vendor disputes the significance of this report because some HTML formatting (such as with an H1 element) is allowed, but there is backend sanitization such that the reporter's mentioned "injecting malicious scripts" would not occur.

SUSE information

Overall state of this security issue: Does not affect SUSE products

The severity of this issue is currently not set.

Note from the SUSE Security Team on the kernel-default package

SUSE will no longer fix all CVEs in the Linux kernel, but will declare some bug classes as won't fix. Please refer to TID 21496 for more details.

No SUSE Bugzilla entries cross referenced.

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
Container bci/bci-sle15-kernel-module-devel:15.6.17.15
  • kernel-default-devel >= 6.4.0-150600.23.14.2
  • kernel-devel >= 6.4.0-150600.23.14.2
  • kernel-macros >= 6.4.0-150600.23.14.2
  • kernel-syms >= 6.4.0-150600.23.14.2
Container suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.5.8
Image SLES15-SP6
Image SLES15-SP6-BYOS
Image SLES15-SP6-BYOS-Azure
Image SLES15-SP6-BYOS-EC2
Image SLES15-SP6-BYOS-GCE
Image SLES15-SP6-CHOST-BYOS
Image SLES15-SP6-CHOST-BYOS-Aliyun
Image SLES15-SP6-CHOST-BYOS-Azure
Image SLES15-SP6-CHOST-BYOS-EC2
Image SLES15-SP6-CHOST-BYOS-GCE
Image SLES15-SP6-CHOST-BYOS-SAP-CCloud
Image SLES15-SP6-EC2
Image SLES15-SP6-EC2-ECS-HVM
Image SLES15-SP6-GCE
Image SLES15-SP6-HPC-BYOS
Image SLES15-SP6-HPC-BYOS-Azure
Image SLES15-SP6-HPC-BYOS-EC2
Image SLES15-SP6-HPC-BYOS-GCE
Image SLES15-SP6-HPC-EC2
Image SLES15-SP6-HPC-GCE
Image SLES15-SP6-Hardened-BYOS
Image SLES15-SP6-Hardened-BYOS-Azure
Image SLES15-SP6-Hardened-BYOS-EC2
Image SLES15-SP6-Hardened-BYOS-GCE
Image SLES15-SP6-SAP
Image SLES15-SP6-SAP-Azure
Image SLES15-SP6-SAP-EC2
Image SLES15-SP6-SAP-GCE
Image SLES15-SP6-SAPCAL
Image SLES15-SP6-SAPCAL-Azure
Image SLES15-SP6-SAPCAL-EC2
Image SLES15-SP6-SAPCAL-GCE
  • kernel-default >= 6.4.0-150600.23.14.2
Image SLES15-SP6-SAP-BYOS
Image SLES15-SP6-SAP-BYOS-Azure
Image SLES15-SP6-SAP-BYOS-EC2
Image SLES15-SP6-SAP-BYOS-GCE
Image SLES15-SP6-SAP-Hardened
Image SLES15-SP6-SAP-Hardened-Azure
Image SLES15-SP6-SAP-Hardened-BYOS
Image SLES15-SP6-SAP-Hardened-BYOS-Azure
Image SLES15-SP6-SAP-Hardened-BYOS-EC2
Image SLES15-SP6-SAP-Hardened-BYOS-GCE
Image SLES15-SP6-SAP-Hardened-EC2
Image SLES15-SP6-SAP-Hardened-GCE
  • cluster-md-kmp-default >= 6.4.0-150600.23.14.2
  • dlm-kmp-default >= 6.4.0-150600.23.14.2
  • gfs2-kmp-default >= 6.4.0-150600.23.14.2
  • kernel-default >= 6.4.0-150600.23.14.2
  • ocfs2-kmp-default >= 6.4.0-150600.23.14.2
SUSE Linux Enterprise Desktop 15 SP6
  • kernel-64kb >= 6.4.0-150600.23.14.1
  • kernel-64kb-devel >= 6.4.0-150600.23.14.1
  • kernel-default >= 6.4.0-150600.23.14.2
  • kernel-default-base >= 6.4.0-150600.23.14.2.150600.12.4.3
  • kernel-default-devel >= 6.4.0-150600.23.14.2
  • kernel-default-extra >= 6.4.0-150600.23.14.2
  • kernel-devel >= 6.4.0-150600.23.14.2
  • kernel-docs >= 6.4.0-150600.23.14.2
  • kernel-macros >= 6.4.0-150600.23.14.2
  • kernel-obs-build >= 6.4.0-150600.23.14.2
  • kernel-source >= 6.4.0-150600.23.14.2
  • kernel-syms >= 6.4.0-150600.23.14.2
  • kernel-zfcpdump >= 6.4.0-150600.23.14.2
Patchnames:
SUSE-SLE-Module-Basesystem-15-SP6-2024-2571
SUSE-SLE-Module-Development-Tools-15-SP6-2024-2571
SUSE-SLE-Product-WE-15-SP6-2024-2571
SUSE Linux Enterprise High Availability Extension 15 SP6
  • cluster-md-kmp-default >= 6.4.0-150600.23.14.2
  • dlm-kmp-default >= 6.4.0-150600.23.14.2
  • gfs2-kmp-default >= 6.4.0-150600.23.14.2
  • ocfs2-kmp-default >= 6.4.0-150600.23.14.2
Patchnames:
SUSE-SLE-Product-HA-15-SP6-2024-2571
SUSE Linux Enterprise High Performance Computing 15 SP6
  • kernel-64kb >= 6.4.0-150600.23.14.1
  • kernel-64kb-devel >= 6.4.0-150600.23.14.1
  • kernel-default >= 6.4.0-150600.23.14.2
  • kernel-default-base >= 6.4.0-150600.23.14.2.150600.12.4.3
  • kernel-default-devel >= 6.4.0-150600.23.14.2
  • kernel-devel >= 6.4.0-150600.23.14.2
  • kernel-docs >= 6.4.0-150600.23.14.2
  • kernel-macros >= 6.4.0-150600.23.14.2
  • kernel-obs-build >= 6.4.0-150600.23.14.2
  • kernel-source >= 6.4.0-150600.23.14.2
  • kernel-syms >= 6.4.0-150600.23.14.2
  • kernel-zfcpdump >= 6.4.0-150600.23.14.2
  • reiserfs-kmp-default >= 6.4.0-150600.23.14.2
Patchnames:
SUSE-SLE-Module-Basesystem-15-SP6-2024-2571
SUSE-SLE-Module-Development-Tools-15-SP6-2024-2571
SUSE-SLE-Module-Legacy-15-SP6-2024-2571
SUSE Linux Enterprise Live Patching 15 SP6
Patchnames:
SUSE-SLE-Module-Live-Patching-15-SP6-2024-2571
SUSE Linux Enterprise Module for Basesystem 15 SP6
  • kernel-64kb >= 6.4.0-150600.23.14.1
  • kernel-64kb-devel >= 6.4.0-150600.23.14.1
  • kernel-default >= 6.4.0-150600.23.14.2
  • kernel-default-base >= 6.4.0-150600.23.14.2.150600.12.4.3
  • kernel-default-devel >= 6.4.0-150600.23.14.2
  • kernel-devel >= 6.4.0-150600.23.14.2
  • kernel-macros >= 6.4.0-150600.23.14.2
  • kernel-zfcpdump >= 6.4.0-150600.23.14.2
Patchnames:
SUSE-SLE-Module-Basesystem-15-SP6-2024-2571
SUSE Linux Enterprise Module for Development Tools 15 SP6
  • kernel-docs >= 6.4.0-150600.23.14.2
  • kernel-obs-build >= 6.4.0-150600.23.14.2
  • kernel-source >= 6.4.0-150600.23.14.2
  • kernel-syms >= 6.4.0-150600.23.14.2
Patchnames:
SUSE-SLE-Module-Development-Tools-15-SP6-2024-2571
SUSE Linux Enterprise Module for Legacy 15 SP6
  • reiserfs-kmp-default >= 6.4.0-150600.23.14.2
Patchnames:
SUSE-SLE-Module-Legacy-15-SP6-2024-2571
SUSE Linux Enterprise Server 15 SP6
SUSE Linux Enterprise Server for SAP Applications 15 SP6
  • kernel-64kb >= 6.4.0-150600.23.14.1
  • kernel-64kb-devel >= 6.4.0-150600.23.14.1
  • kernel-default >= 6.4.0-150600.23.14.2
  • kernel-default-base >= 6.4.0-150600.23.14.2.150600.12.4.3
  • kernel-default-devel >= 6.4.0-150600.23.14.2
  • kernel-default-extra >= 6.4.0-150600.23.14.2
  • kernel-devel >= 6.4.0-150600.23.14.2
  • kernel-docs >= 6.4.0-150600.23.14.2
  • kernel-macros >= 6.4.0-150600.23.14.2
  • kernel-obs-build >= 6.4.0-150600.23.14.2
  • kernel-source >= 6.4.0-150600.23.14.2
  • kernel-syms >= 6.4.0-150600.23.14.2
  • kernel-zfcpdump >= 6.4.0-150600.23.14.2
  • reiserfs-kmp-default >= 6.4.0-150600.23.14.2
Patchnames:
SUSE-SLE-Module-Basesystem-15-SP6-2024-2571
SUSE-SLE-Module-Development-Tools-15-SP6-2024-2571
SUSE-SLE-Module-Legacy-15-SP6-2024-2571
SUSE-SLE-Product-WE-15-SP6-2024-2571
SUSE Linux Enterprise Workstation Extension 15 SP6
  • kernel-default-extra >= 6.4.0-150600.23.14.2
Patchnames:
SUSE-SLE-Product-WE-15-SP6-2024-2571
openSUSE Leap 15.6
  • cluster-md-kmp-64kb >= 6.4.0-150600.23.14.1
  • cluster-md-kmp-default >= 6.4.0-150600.23.14.2
  • dlm-kmp-64kb >= 6.4.0-150600.23.14.1
  • dlm-kmp-default >= 6.4.0-150600.23.14.2
  • dtb-allwinner >= 6.4.0-150600.23.14.1
  • dtb-altera >= 6.4.0-150600.23.14.1
  • dtb-amazon >= 6.4.0-150600.23.14.1
  • dtb-amd >= 6.4.0-150600.23.14.1
  • dtb-amlogic >= 6.4.0-150600.23.14.1
  • dtb-apm >= 6.4.0-150600.23.14.1
  • dtb-apple >= 6.4.0-150600.23.14.1
  • dtb-arm >= 6.4.0-150600.23.14.1
  • dtb-broadcom >= 6.4.0-150600.23.14.1
  • dtb-cavium >= 6.4.0-150600.23.14.1
  • dtb-exynos >= 6.4.0-150600.23.14.1
  • dtb-freescale >= 6.4.0-150600.23.14.1
  • dtb-hisilicon >= 6.4.0-150600.23.14.1
  • dtb-lg >= 6.4.0-150600.23.14.1
  • dtb-marvell >= 6.4.0-150600.23.14.1
  • dtb-mediatek >= 6.4.0-150600.23.14.1
  • dtb-nvidia >= 6.4.0-150600.23.14.1
  • dtb-qcom >= 6.4.0-150600.23.14.1
  • dtb-renesas >= 6.4.0-150600.23.14.1
  • dtb-rockchip >= 6.4.0-150600.23.14.1
  • dtb-socionext >= 6.4.0-150600.23.14.1
  • dtb-sprd >= 6.4.0-150600.23.14.1
  • dtb-xilinx >= 6.4.0-150600.23.14.1
  • gfs2-kmp-64kb >= 6.4.0-150600.23.14.1
  • gfs2-kmp-default >= 6.4.0-150600.23.14.2
  • kernel-64kb >= 6.4.0-150600.23.14.1
  • kernel-64kb-devel >= 6.4.0-150600.23.14.1
  • kernel-64kb-extra >= 6.4.0-150600.23.14.1
  • kernel-64kb-livepatch-devel >= 6.4.0-150600.23.14.1
  • kernel-64kb-optional >= 6.4.0-150600.23.14.1
  • kernel-debug >= 6.4.0-150600.23.14.2
  • kernel-debug-devel >= 6.4.0-150600.23.14.2
  • kernel-debug-livepatch-devel >= 6.4.0-150600.23.14.2
  • kernel-debug-vdso >= 6.4.0-150600.23.14.2
  • kernel-default >= 6.4.0-150600.23.14.2
  • kernel-default-base >= 6.4.0-150600.23.14.2.150600.12.4.3
  • kernel-default-base-rebuild >= 6.4.0-150600.23.14.2.150600.12.4.3
  • kernel-default-devel >= 6.4.0-150600.23.14.2
  • kernel-default-extra >= 6.4.0-150600.23.14.2
  • kernel-default-livepatch >= 6.4.0-150600.23.14.2
  • kernel-default-livepatch-devel >= 6.4.0-150600.23.14.2
  • kernel-default-optional >= 6.4.0-150600.23.14.2
  • kernel-default-vdso >= 6.4.0-150600.23.14.2
  • kernel-devel >= 6.4.0-150600.23.14.2
  • kernel-docs >= 6.4.0-150600.23.14.2
  • kernel-docs-html >= 6.4.0-150600.23.14.2
  • kernel-kvmsmall >= 6.4.0-150600.23.14.2
  • kernel-kvmsmall-devel >= 6.4.0-150600.23.14.2
  • kernel-kvmsmall-livepatch-devel >= 6.4.0-150600.23.14.2
  • kernel-kvmsmall-vdso >= 6.4.0-150600.23.14.2
  • kernel-macros >= 6.4.0-150600.23.14.2
  • kernel-obs-build >= 6.4.0-150600.23.14.2
  • kernel-obs-qa >= 6.4.0-150600.23.14.2
  • kernel-source >= 6.4.0-150600.23.14.2
  • kernel-source-vanilla >= 6.4.0-150600.23.14.2
  • kernel-syms >= 6.4.0-150600.23.14.2
  • kernel-zfcpdump >= 6.4.0-150600.23.14.2
  • kselftests-kmp-64kb >= 6.4.0-150600.23.14.1
  • kselftests-kmp-default >= 6.4.0-150600.23.14.2
  • ocfs2-kmp-64kb >= 6.4.0-150600.23.14.1
  • ocfs2-kmp-default >= 6.4.0-150600.23.14.2
  • reiserfs-kmp-64kb >= 6.4.0-150600.23.14.1
  • reiserfs-kmp-default >= 6.4.0-150600.23.14.2
Patchnames:
openSUSE-SLE-15.6-2024-2571


First public cloud image revisions this CVE is fixed in:

SUSE Timeline for this CVE

CVE page created: Thu Feb 22 07:00:09 2024
CVE page last modified: Fri Sep 20 00:57:49 2024