CVE-2018-6082
Publication date 14 November 2018
Last updated 24 July 2024
Ubuntu priority
Including port 22 in the list of allowed FTP ports in Networking in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially enumerate internal host services via a crafted HTML page.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| chromium-browser | ||
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Fixed 65.0.3325.181-0ubuntu0.16.04.1
|
|
| 14.04 LTS trusty |
Fixed 65.0.3325.181-0ubuntu0.14.04.1
|
|
| oxide-qt | ||
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Ignored | |
| 14.04 LTS trusty | Not in release |
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
4.7 · Medium
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Changed |
| Confidentiality | Low |
| Integrity impact | None |
| Availability impact | None |
| Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N |