USN-4609-1: GOsa vulnerabilities

Fabian Henneke discovered that GOsa incorrectly handled client cookies. An authenticated user could exploit this with a crafted cookie to perform file deletions in the context of the user account that runs the web server. (CVE-2019-14466) It was discovered that GOsa incorrectly handled user access control. A remote attacker could use this issue to log into any account with a username containing the word "success". (CVE-2019-11187) Fabian Henneke discovered that GOsa was vulnerable to cross-site scripting attacks via the change...