mageia | Gentoo Foundation | MGASA-2024-0279
History: Aug 15, 2024 - 8:48 p.m.

Updated roundcubemail packages fix security vulnerabilities

2024-08-15 20:48:28
Gentoo Foundation
advisories.mageia.org
Tags: xss, html content, attachments, svg, information leak, remote content, css filtering, security, roundcubemail, packages, vulnerabilities

CVSS3: 9.3

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

AI Score: 6.2
Confidence: High

EPSS: 0.008
Percentile: 82.1%

Fix XSS vulnerability in post-processing of sanitized HTML content [CVE-2024-42009]
Fix XSS vulnerability in serving of attachments other than HTML or SVG [CVE-2024-42008]
Fix information leak (access to remote content) via insufficient CSS filtering [CVE-2024-42010]

| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Mageia | 9 | noarch | roundcubemail | < 1.6.8-1 | roundcubemail-1.6.8-1.mga9 |
