[horde] another security issue discovered in Horde ref. CVE-2022-30287
Michael Menge
michael.menge at zdv.uni-tuebingen.de
Thu Jun 2 10:20:33 UTC 2022
Quoting Pascal Rigaux <pascal.rigaux at univ-paris1.fr>:
> On 01/06/2022 18:36, Cristian-Petru Pencov wrote:
>> Hi folks,
>> it seems that Horde is under 'fire' regarding the security flaws.
>> And this one is really nasty!
>>
>> "New Unpatched Horde Webmail Bug Lets Hackers Take Over Server by
>> Sending Email"
>> https://thehackernews.com/2022/06/new-unpatched-horde-webmail-bug-lets.html
>>
>> and from the researcher's blog
>> https://blog.sonarsource.com/horde-webmail-rce-via-email/
>>
>> I hope that the dev team will find the quickest solution to block
>> these attacks.
>
> Hi. I did the following quick fix with no regression for now...
Thanks for the patch, but some of our users are unable to use Horde, because
they receive a white page with "not allowed". I am still investigating.
Is there another way to mitigate the CVE?
Kind regards
Michael
--------------------------------------------------------------------------------
Michael Menge Tel.: (49) 7071 / 29-70316
Universität Tübingen Fax.: (49) 7071 / 29-5912
Zentrum für Datenverarbeitung mail: michael.menge at zdv.uni-tuebingen.de
Wächterstraße 76
72074 Tübingen