Bugzilla – Bug 1137497
VUL-0: CVE-2019-12616: phpmyadmin: broken tag provided by attacker and pointing at the victim's phpMyAdmin database can cause CSRF
Last modified: 2019-08-14 07:10:46 UTC
rh#1717402 A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken 'img' tag pointing at the victim's phpMyAdmin database, and the attacker can potentially deliver a payload (such as a specific INSERT or DELETE statement) through the victim. Upstream advisory: https://www.phpmyadmin.net/security/PMASA-2019-4/ References: https://bugzilla.redhat.com/show_bug.cgi?id=1717402 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12616 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12616 https://www.phpmyadmin.net/security/PMASA-2019-4/ https://www.phpmyadmin.net/security/
ongoing work
This is an autogenerated message for OBS integration: This bug (1137497) was mentioned in https://build.opensuse.org/request/show/712645 15.0+15.1+42.3+Backports:SLE-12+Backports:SLE-15 / phpMyAdmin
openSUSE-SU-2019:1689-1: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 1137496,1137497 CVE References: CVE-2019-11768,CVE-2019-12616 Sources used: openSUSE Leap 42.3 (src): phpMyAdmin-4.9.0.1-31.1 openSUSE Leap 15.1 (src): phpMyAdmin-4.9.0.1-lp151.2.3.1 openSUSE Leap 15.0 (src): phpMyAdmin-4.9.0.1-lp150.31.1 openSUSE Backports SLE-15 (src): phpMyAdmin-4.9.0.1-bp150.31.1
openSUSE-SU-2019:1689-1: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 1137496,1137497 CVE References: CVE-2019-11768,CVE-2019-12616 Sources used: openSUSE Leap 42.3 (src): phpMyAdmin-4.9.0.1-31.1 openSUSE Leap 15.1 (src): phpMyAdmin-4.9.0.1-lp151.2.3.1 openSUSE Leap 15.0 (src): phpMyAdmin-4.9.0.1-lp150.31.1 openSUSE Backports SLE-15 (src): phpMyAdmin-4.9.0.1-bp150.31.1 SUSE Package Hub for SUSE Linux Enterprise 12 (src): phpMyAdmin-4.9.0.1-31.1
This is automated batch bugzilla cleanup. The openSUSE 42.3 changed to end-of-life (EOL [1]) status. As such it is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of openSUSE (At this moment openSUSE Leap 15.1, 15.0 and Tumbleweed) please feel free to reopen this bug against that version (!you must update the "Version" component in the bug fields, do not just reopen please), or alternatively create a new ticket. Thank you for reporting this bug and we are sorry it could not be fixed during the lifetime of the release. [1] https://en.opensuse.org/Lifetime
was fixed
openSUSE-SU-2019:1861-1: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 1137496,1137497 CVE References: CVE-2019-11768,CVE-2019-12616 Sources used: openSUSE Backports SLE-15-SP1 (src): phpMyAdmin-4.9.0.1-bp151.3.3.1