Open-Xchange AppSuite 7.4.1 / 7.4.2 Cross Site Scripting

2014.03.18
Credit: Open-Xchange
Risk: Low
Local: No
Remote: Yes

Product: Open-Xchange AppSuite
Vendor: Open-Xchange GmbH

Internal reference: 31065
Vulnerability type: Cross Site Scripting (CWE-80)
Vulnerable version: 7.4.1 and 7.4.2
Vulnerable component: frontend
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 7.4.1-rev10, 7.4.2-rev8
Vendor notification: 2014-02-11
Solution date: 2014-02-28
Public disclosure: 2014-03-17
CVE reference: CVE-2014-2077
CVSSv2: 5.7 (AV:N/AC:M/Au:N/C:P/I:N/A:N/E:POC/RL:U/RC:C/CDP:LM/TD:H/CR:ND/IR:ND/AR:ND)

Vulnerability Details:
Script code that is entered into the subject field of a mail, either by direct typing or by using reply/forward, gets executed. This is caused by "aria" tags for screen readers at the top bar, which do not use sanitized versions of the content. Note that just reading such a mail will not trigger the malicious code.

Risk:
Malicious script code can be executed within a user's context. This can lead to session hijacking or to triggering unwanted actions via the web interface (sending mail, deleting data etc.).

Solution:
Users should update to the latest patch releases. Users should avoid replying to or forwarding mails from untrusted sources that contain suspicious subjects.

Internal reference: 31185 (Bug ID)
Vulnerability type: Information exposure (CWE-200)
Vulnerable version: 7.4.2
Vulnerable component: backend
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 7.4.2-rev9
Vendor notification: 2014-02-18
Solution date: 2014-02-26
Public disclosure: 2014-03-17
CVE reference: CVE-2014-2078
CVSSv2: 3.9 (AV:N/AC:L/Au:M/C:P/I:N/A:N/E:F/RL:U/RC:C/CDP:LM/TD:M/CR:ND/IR:ND/AR:ND)

Vulnerability Details:
Under some circumstances, e-mail auto configuration for external accounts fails and returns an e-mail address from a previously failing configuration attempt made by any other user of the system.

Risk:
Users may gain unauthorised access to other users' data, e.g. mail addresses. Note that passwords are not affected by this.

Solution:
Users should update to the latest patch releases. As a temporary workaround, auto configuration for mail could be disabled at the backend:

    $ /opt/open-xchange/sbin/stopbundle com.openexchange.mail.autoconfig.json
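
The first issue (CVE-2014-2077) is a case of one output sink being encoded while a second sink for the same value is not. The sketch below is an added example, not Open-Xchange code: the function names, the markup and the sample subject are assumptions constructed for illustration. It shows the weak pattern beside the corrected one, with a small regression check.

```javascript
// Added illustration, not Open-Xchange source. Function names, markup and
// the sample subject are hypothetical/constructed.

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;',
  '"': '&quot;', "'": '&#39;', '`': '&#96;',
};

// Encode a value for an HTML text node or a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"'`]/g, (ch) => HTML_ESCAPES[ch]);
}

// Weak form: the visible title is encoded, but the screen-reader label is
// concatenated raw, so a quote in the subject ends the attribute early.
function renderTopBarEntryUnsafe(subject) {
  return '<li role="tab" aria-label="' + subject + '">' +
    escapeHtml(subject) + '</li>';
}

// Hardened form: every sink that receives the subject gets the encoded value.
function renderTopBarEntrySafe(subject) {
  const encoded = escapeHtml(subject);
  return '<li role="tab" aria-label="' + encoded + '">' + encoded + '</li>';
}

// Regression check: count element start tags in the rendered markup.
// A single top-bar entry must yield exactly one (<li>).
function countStartTags(html) {
  return (html.match(/<[a-zA-Z]/g) || []).length;
}

// Constructed, benign subject as it might arrive via reply/forward.
const SAMPLE_SUBJECT = 'Re: status "><b>marker</b>';

function demo() {
  return {
    unsafe: countStartTags(renderTopBarEntryUnsafe(SAMPLE_SUBJECT)),
    safe: countStartTags(renderTopBarEntrySafe(SAMPLE_SUBJECT)),
  };
}

console.log(demo());
```

In DOM-based code, assigning the value with `setAttribute('aria-label', subject)` and `textContent` avoids building markup from strings at all.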

References:

http://cxsecurity.com/issue/WLB-2014020089

