[BlueOnyx:26659] Re: jquery warning

Taco Scargo taco at blueonyx.nl
Tue Dec 12 10:23:03 -05 2023


Hi Tobias,

I stand corrected. To be very honest, I personally think the XSS issue this version has is not exploitable (easily) and I cannot think of any way running this version would impact the security of the BlueOnyx UI.

I agree we should always aim to run on non-vulnerable versions, but as upgrading to newer versions sometimes breaks compatibility, this would not be an easy effort.

But maybe Michael has a different view.

Best regards,

Taco


> On 12 Dec 2023, at 16:10, Tobias Gablunsky <t.gablunsky at cbxnet.de> wrote:
> 
> Hi Taco,
> 
> if you do a "grep -o "jquery:........" /usr/sausalito/ui/web/.adm/scripts/plugins-min.js" you get as output "jquery:"1.7.2",". This is on a 5209R as well as on a 5211R.
> 
> 
> Best regards,
> i.A. Tobias Gablunsky
> IT Infrastructure & Solutions
> ____________________________________________
> CBXNET combox internet GmbH
> Landhausstr. 22 | 10717 Berlin
> Tel: +49 (30) 5900 69-00
> Fax: +49 (30) 5900 69-99
> www.cbxnet.de <https://webmail.cbxnet.combox.group/www.cbxnet.de>
> Data centers for secure business applications
> Tel: +49 (30) 5900 69-80
> https://combox.bln.de <https://combox.bln.de/>
> Berlin-Charlottenburg District Court, HRB 71171
> Managing Director: Stephan Höhn
> 
> 
> 
> -----Original Message-----
> From: Taco Scargo <taco at blueonyx.nl>
> Sent: Tuesday, 12 December 2023 15:20
> To: Tobias Gablunsky <t.gablunsky at cbxnet.de>; BlueOnyx General Mailing List <blueonyx at mail.blueonyx.it>
> Subject: Re: [BlueOnyx:26656] jquery warning
> 
> Hi Tobias,
> 
> As far as I know BlueOnyx does not use jQuery 1.7.2 anywhere.
> There is some use of jQuery in the BlueOnyx UI (including apps like phpMyAdmin), but they have different (newer) version numbers.
> 
> Can you share which location was identified and how you are sure it is not the website content?
> 
> Best regards,
> 
> Taco
> 
> On 12 Dec 2023, at 15:05, Tobias Gablunsky via Blueonyx <blueonyx at mail.blueonyx.it> wrote:
> 
> Hello,
> 
> a customer of ours has initiated a vulnerability scan of his website. An outcome of this is a warning of a vulnerable version of jQuery: "jQueryJS 1.7.2". This version seems to be part of BlueOnyx itself.
> 
> Short question: is it possible to update this to eliminate this warning?
> 
> Best regards,
> i.A. Tobias Gablunsky
> IT Infrastructure & Solutions
> ____________________________________________
> CBXNET combox internet GmbH
> Landhausstr. 22 | 10717 Berlin
> Tel: +49 (30) 5900 69-00
> Fax: +49 (30) 5900 69-99
> www.cbxnet.de <https://webmail.cbxnet.combox.group/www.cbxnet.de>
> Data centers for secure business applications
> Tel: +49 (30) 5900 69-80
> https://combox.bln.de <https://combox.bln.de/>
> Berlin-Charlottenburg District Court, HRB 71171
> Managing Director: Stephan Höhn
> 
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at mail.blueonyx.it <mailto:Blueonyx at mail.blueonyx.it>
> http://mail.blueonyx.it/mailman/listinfo/blueonyx
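
The grep check quoted in this thread, generalised into an inventory of every jQuery version marker under a directory, so that a scanner finding can be traced to the file that carries it (UI bundle or website content). This is an added example, not part of the original messages or of BlueOnyx's code; the function names, the sample tree and the 3.0.0 threshold are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: inventory embedded jQuery versions.

# Print "version<TAB>file" for each jQuery version marker under directory $1.
# Matches the jquery:"X.Y.Z" property from the thread's grep output and the
# "jQuery vX.Y.Z" banner comment; bundles carrying neither go unreported.
jquery_inventory() {
    find "$1" -type f -name '*.js' | sort | while IFS= read -r f; do
        grep -aoE 'jquery: ?"[0-9]+(\.[0-9]+)+"|jQuery (JavaScript Library )?v[0-9]+(\.[0-9]+)+' "$f" |
            grep -oE '[0-9]+(\.[0-9]+)+' | sort -u |
            while IFS= read -r v; do printf '%s\t%s\n' "$v" "$f"; done
    done
}

# Succeed when dotted version $1 is strictly older than $2 (numeric per field).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, "."); n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }' < /dev/null
}

# Print only the inventory rows older than minimum version $2.
jquery_older_than() {
    jquery_inventory "$1" | while IFS="$(printf '\t')" read -r v f; do
        if version_lt "$v" "$2"; then printf '%s\t%s\n' "$v" "$f"; fi
    done
}

# Constructed sample tree: made-up paths and file contents, for the demo only.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/ui/scripts" "$d/vhost/js"
    printf '%s\n' '(function(){var e={init:function(){},jquery:"1.7.2",length:0};})();' \
        > "$d/ui/scripts/plugins-min.js"
    printf '%s\n' '/*! jQuery v3.7.1 | (c) OpenJS Foundation */' 'var x=1;' \
        > "$d/vhost/js/jquery.min.js"
    printf '%s\n' 'console.log("no library here");' > "$d/vhost/js/app.js"
    printf '%s\n' "$d"
}

tree=$(make_sample_tree)
jquery_inventory "$tree"            # every version marker found
jquery_older_than "$tree" 3.0.0     # 3.0.0 is a placeholder minimum, not advice
rm -rf "$tree"
```

On a real host, run the inventory separately against the UI script directory and the site's document root to see which side carries the version the scanner reported.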
