阿里云漏洞库

漏洞描述

The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the save_locsettings function in versions up to, and including, 1.8.1. This makes it possible for unauthenticated attackers to change the settings of the plugin.

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
https://blog.nintechnet.com/wordpress-jobsearch-wp-job-board-plugin-fixed-vul...
https://wpscan.com/vulnerability/ed7e664e-5a73-4d2d-a599-a0be89d6c2d1
https://www.wordfence.com/threat-intel/vulnerabilities/id/59170f0a-975e-487c-...

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	eyecix	jobsearch_wp_job_board	*		Up to (including) 1.8.1
	运行在以下环境
	系统	amazon_2	thunderbird	*		Up to (excluding) 91.6.0-1.amzn2.0.1
	运行在以下环境
	系统	anolis_os_8	thunderbird	*		Up to (excluding) 91.4.0-2.0.1
	运行在以下环境
	系统	centos_7	thunderbird	*		Up to (excluding) 91.4.0-3.el7_9
	运行在以下环境
	系统	kylinos_aarch64_V10SP1	nss	*		Up to (excluding) 3.54.0-9.p01.ky10
	运行在以下环境
	系统	kylinos_aarch64_V10SP2	nss	*		Up to (excluding) 3.54.0-9.p01.ky10
	运行在以下环境
	系统	kylinos_loongarch64_V10SP1	nss	*		Up to (excluding) 3.54.0-9.a.ky10
	运行在以下环境
	系统	kylinos_loongarch64_V10SP3	nss	*		Up to (excluding) 3.54.0-9.a.ky10
	运行在以下环境
	系统	kylinos_x86_64_V10SP1	nss	*		Up to (excluding) 3.54.0-9.p01.ky10
	运行在以下环境
	系统	kylinos_x86_64_V10SP2	nss	*		Up to (excluding) 3.54.0-9.p01.ky10
	运行在以下环境
	系统	opensuse_Leap_15.2	MozillaThunderbird	*		Up to (excluding) 91.4.0-lp152.2.52.1
	运行在以下环境
	系统	opensuse_Leap_15.3	MozillaThunderbird	*		Up to (excluding) 91.4.0-8.45.2
	运行在以下环境
	系统	oracle_7	thunderbird	*		Up to (excluding) 91.4.0-3.0.1.el7_9
	运行在以下环境
	系统	oracle_8	thunderbird	*		Up to (excluding) 91.4.0-2.0.1.el8_5
	运行在以下环境
	系统	redhat_7	thunderbird	*		Up to (excluding) 91.3.0-2.el7_9
	运行在以下环境
	系统	rocky_linux_8	thunderbird	*		Up to (excluding) 91.3.0-2.el8_4

攻击路径

网络
攻击复杂度

低
权限要求

无
影响范围

未更改
用户交互

无
可用性

无
保密性

无
完整性

低

CWE-ID	漏洞类型
CWE-863	授权机制不正确

thunderbird 安全漏洞 (CVE-2021-4352)

漏洞描述

解决建议

参考链接

受影响软件情况