[Tickets #14926] Re: Horde Webmail - XSS + CSRF to SQLi, RCE, Stealing Emails <= v5.2.22
noreply at bugs.horde.org
Sat Dec 16 17:42:11 UTC 2023
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: https://bugs.horde.org/ticket/14926
------------------------------------------------------------------------------
Ticket | 14926
Updated By | tu.demop at gmail.com
Summary | Horde Webmail - XSS + CSRF to SQLi, RCE, Stealing Emails <= v5.2.22
Queue | Horde Groupware
Version | 5.2.22
Type | Bug
State | Resolved
Priority | 3. High
Milestone |
Patch |
Owners |
------------------------------------------------------------------------------
tu.demop at gmail.com (2023-12-16 17:42) wrote:
> The original report included the following:
>
>> # Attacker can combine "CSRF vulnerability in Trean Bookmarks
>> (defaultly installed on Horde Groupware)" and
>> # "Stored XSS vulnerability in Horde TagCloud (defaultly
>> installed)" vulnerabilities to steal victim's emails.
>>
>> # Also:
>> # Attacker can use 3 different reflected XSS vulnerability to
>> exploit Remote Command Execution, SQL Injection and Code Execution.
>
> I am working on updating the Horde packages in Debian LTS, also
> coordinating with the security team for an update to Debian stable,
> and so some clarification would help.
>
> It is clear that the TagCloud XSS (CVE-2019-12094) was fixed and the
> associated commit was easy to find and applied cleanly to the Horde
> package in Debian. It is also clear that the CSRF (CVE-2019-12095)
> has been deemed minor and not worth fixing. However, it is not
> clear that the "3 different reflected XSS vulnerability" have been
> addressed. Is there an additional vulnerability there beyond those
> two which received CVE assignments? Answering this would help
> ensure that we properly track the state of Horde in Debian.