Gosa Gosaproject Gosa

stack.watch can notify you when security vulnerabilities are reported in Gosaproject Gosa. You can add multiple products that you use with Gosa to create your own personal software stack watcher.

By the Year

In 2020 there have been 0 vulnerabilities in Gosaproject Gosa . Last year Gosa had 1 security vulnerability published. Right now, Gosa is on track to have less security vulerabilities in 2020 than it did last year.

Year Vulnerabilities Average Score
2020 0 0.00
2019 1 6.50
2018 0 0.00

It may take a day or so for new Gosa vulnerabilities to show up. Additionally vulnerabilities may be tagged under a different product or component name.

Latest Gosaproject Gosa Security Vulnerabilities

The GOsa_Filter_Settings cookie in GONICUS GOsa 2.7.5.2 is vulnerable to PHP objection injection, which allows a remote authenticated attacker to perform file deletions (in the context of the user account

CVE-2019-14466 6.5 - Medium - December 31, 2019

The GOsa_Filter_Settings cookie in GONICUS GOsa 2.7.5.2 is vulnerable to PHP objection injection, which allows a remote authenticated attacker to perform file deletions (in the context of the user account that runs the web server) via a crafted cookie value, because unserialize is used to restore filter settings from a cookie.

CVE-2019-14466 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.

Marshaling, Unmarshaling