Lines 1-3
|
|
|
1 |
<vuln vid="bb30748d-e294-11ec-ae35-a0f3c100ae18"> |
2 |
<topic>Remote Code Execution via Email found in Turba</topic> |
3 |
<affects> |
4 |
<package> |
5 |
<name>php74-horde-turba</name> |
6 |
<name>php80-horde-turba</name> |
7 |
<name>php81-horde-turba</name> |
8 |
<range><le>4.2.25</le></range> |
9 |
</package> |
10 |
</affects> |
11 |
<description> |
12 |
<body xmlns="http://www.w3.org/1999/xhtml"> |
13 |
<p>Sonar Blog reports:</p> |
14 |
<blockquote cite="https://blog.sonarsource.com/horde-webmail-rce-via-email/"> |
15 |
<p>The discovered code vulnerability (CVE-2022-30287) allows an |
16 |
authenticated user of a Horde instance to execute arbitrary code |
17 |
on the underlying server.</p> |
18 |
<p>The vulnerability can be exploited with a single GET request |
19 |
which can be triggered via Cross-Site-Request-Forgery. For this, |
20 |
an attacker can craft a malicious email and include an external |
21 |
image that when rendered exploits the vulnerability without |
22 |
further interaction of a victim: the only requirement is to have |
23 |
a victim open the malicious email.</p> |
24 |
<p>The vulnerability exists in the default configuration and can |
25 |
be exploited with no knowledge of a targeted Horde instance. We |
26 |
confirmed that it exists in the latest version. The vendor has |
27 |
not released a patch at the time of writing.</p> |
28 |
<p>Another side-effect of this vulnerability is that the |
29 |
clear-text credentials of the victim triggering the exploit are |
30 |
leaked to the attacker. The adversary could then use them to |
31 |
gain access to even more services of an organization.</p> |
32 |
</blockquote> |
33 |
</body> |
34 |
</description> |
35 |
<references> |
36 |
<cvename>CVE-2022-30287</cvename> |
37 |
<url>https://blog.sonarsource.com/horde-webmail-rce-via-email/</url> |
38 |
</references> |
39 |
<dates> |
40 |
<discovery>2022-05-31</discovery> |
41 |
<entry>2022-06-02</entry> |
42 |
</dates> |
43 |
</vuln> |
44 |
|
1 |
<vuln vid="40e2c35e-db99-11ec-b0cf-3065ec8fd3ec"> |
45 |
<vuln vid="40e2c35e-db99-11ec-b0cf-3065ec8fd3ec"> |
2 |
<topic>chromium -- multiple vulnerabilities</topic> |
46 |
<topic>chromium -- multiple vulnerabilities</topic> |
3 |
<affects> |
47 |
<affects> |
4 |
- |
|
|
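Review bot: The `<range><le>4.2.25</le></range>` bound in `<affects>` treats any release after 4.2.25 as fixed, but the quoted advisory says "The vendor has not released a patch at the time of writing", so a later port update that does not contain a fix would be reported as not vulnerable. Consider an open-ended range such as `<range><ge>0</ge></range>` until a fixed version is known, or confirm that 4.2.25 is intended as a hard upper bound. Separately, the `<topic>` text "Remote Code Execution via Email found in Turba" does not follow the "package -- description" form used by the neighbouring entry ("chromium -- multiple vulnerabilities"); something like "horde-turba -- remote code execution via email" would match it.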