[horde] another security issue discovered in Horde ref. CVE-2022-30287

Cristian-Petru Pencov cristian.pencov at artmatch.ro
Wed Jun 1 17:49:36 UTC 2022 

I fully understand that nowadays it is very difficult to keep up with  
all the security vulnerabilities that are being discovered!

Maybe it's time to have an official Statement from their side.
It's not a shame to admit that you can't support a project anymore,  
especially as complex as this one!


> Date: Wed, 01 Jun 2022 13:00:32 -0400
> From: Louis-Philippe Allard <lp.allard.1 at gmail.com>
> Subject: Re: [horde] another security issue discovered in Horde ref.  
> CVE-2022-30287



> CAUTION: This email originated from outside your organization.  
> Exercise caution when opening attachments or on clicking links from  
> unknown senders.
>
> Quoting Cristian-Petru Pencov <cristian.pencov at artmatch.ro>:
>
>> Hi folks,
>> it seems that Horde is under 'fire' regarding the security flaws
>> And this one is really nasty!
>>
>> "New Unpatched Horde Webmail Bug Lets Hackers Take Over Server by  
>> Sending Email"
>> https://thehackernews.com/2022/06/new-unpatched-horde-webmail-bug-lets.html
>>
>> and from researcher's blog
>> https://blog.sonarsource.com/horde-webmail-rce-via-email/
>>
>> I hope that the dev team will find the quickest solution to block  
>> this attacks.
>>
>> but:
>> As a beneficiary of this Open Source application, these findings  
>> make me wonder whether to continue using it or not!
>>
>> and the question that comes naturally would be:
>> Is there still goodwill from developers or the community to provide  
>> us a secure application and fix these vulnerabilities in a very  
>> short time?
>>
>> Thank you all for your precious time to make things better than yesterday!
>>
>> --
>>
>> Best regards,
>> Cristian-Petru Pencov
>> IT specialist
>>
>> ARTMATCH SRL
>> Calea Sagului (DN 59), KM 8+550 m
>> Platforma Incontro, Hala 4-7
>> 307221 Chisoda, Timis, Romania
>> mobile: +4 0721-202989 | fax: +4 0256-305015
>> e-mail: cristian.pencov at artmatch.ro | internet: www.artmatch.ro[1]
>>
>> Please consider the environment before printing this email.
>>
>> --
>> Horde mailing list
>> Frequently Asked Questions: http://horde.org/faq/To unsubscribe,  
>> mail: horde-unsubscribe at lists.horde.org
>
> In the last few years I noticed the mail list are very quiet.  Makes  
> me wonder if Horde is still maintained to begin with?  Genuine  
> question because I remember back in 2010-2011 the mail list was very  
> active (just look at the archives) and Horde was evolving rapidly.
>
> I understand your question about continuing to use it or not.  I  
> have the same question but finding a closely ressembling alternative  
> wont be easy...
>
>
> Links:
> ------
> [1] http://www.artmatch.ro
> Louis-Philippe Allard
> lp.allard.1 at gmail.com
> Sent using Horde Groupware on GNU/Linux
> -- 
> Horde mailing list
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: horde-unsubscribe at lists.horde.org

More information about the horde mailing list