Lucene search

Redhat.comRH:CVE-2024-42010

HistoryAug 06, 2024 - 9:48 a.m.

CVE-2024-42010

2024-08-0609:48:30

redhat.com

access.redhat.com

cve-2024-42010

roundcube

css token sequences

rendered e-mail messages

remote attacker

sensitive information

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

Confidence

Low

JSON

mod_css_styles in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a insufficiently filters Cascading Style Sheets (CSS) token sequences in rendered e-mail messages, allowing a remote attacker to obtain sensitive information.

References

bugzilla.redhat.com/show_bug.cgi?id=2302937

github.com/roundcube/roundcubemail/releases

github.com/roundcube/roundcubemail/releases/tag/1.5.8

github.com/roundcube/roundcubemail/releases/tag/1.6.8

nvd.nist.gov/vuln/detail/CVE-2024-42010

roundcube.net/news/2024/08/04/security-updates-1.6.8-and-1.5.8

sonarsource.com/blog/government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail/

www.cve.org/CVERecord?id=CVE-2024-42010

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

Confidence

Low

JSON

Related for RH:CVE-2024-42010