[horde] XSS vulnerability via OpenOffice document preview
Michael Menge
michael.menge at zdv.uni-tuebingen.de
Wed Feb 23 09:14:46 UTC 2022
Hi,
I was notified about an unpatched security vulnerability
https://therecord.media/unpatched-bug-allows-takeover-of-horde-webmail-accounts-servers/
that can be mitigated by disabling the preview for OpenOffice documents.
In the article and the linked blog post, it is suggested to edit
config/mime_drivers.php
but IMHO creating a config/mime_drivers.local.php and setting
"$mime_drivers['ooo']['disable'] = true;"
should be better.
Is there an ETR for a patch?
Kind Regards
Michael Menge
--------------------------------------------------------------------------------
Michael Menge Tel.: (49) 7071 / 29-70316
Universität Tübingen Fax.: (49) 7071 / 29-5912
Zentrum für Datenverarbeitung mail: michael.menge at zdv.uni-tuebingen.de
Wächterstraße 76
72074 Tübingen