Уязвимость CVE-2020-35730: Информация
Описание
An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. The attacker can send a plain text e-mail message, with JavaScript in a link reference element that is mishandled by linkref_addindex in rcube_string_replacer.php.
Важность: MEDIUM (6,1) Вектор: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Исправленные пакеты
Имя пакета | Ветка | Исправлено в версии | Версия в репозитории | Errata ID | № Задания | Состояние |
|---|---|---|---|---|---|---|
| roundcube | sisyphus | 1.4.10-alt1 | 1.6.5-alt1 | ALT-PU-2020-3561-1 | 264087 | Исправлено |
| roundcube | p10 | 1.4.10-alt1 | 1.4.11-alt2 | ALT-PU-2020-3561-1 | 264087 | Исправлено |
| roundcube | p9 | 1.4.10-alt1 | 1.4.10-alt1 | ALT-PU-2020-3566-1 | 264088 | Исправлено |
| roundcube | c10f1 | 1.4.10-alt1 | 1.4.11-alt2 | ALT-PU-2020-3561-1 | 264087 | Исправлено |
Ссылки на рекомендации, решения и инструменты
Ссылка | Ресурс |
|---|---|
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978491 |
|
| https://github.com/roundcube/roundcubemail/compare/1.4.9...1.4.10 |
|
| https://roundcube.net/download/ |
|
| https://github.com/roundcube/roundcubemail/releases/tag/1.4.10 |
|
| https://github.com/roundcube/roundcubemail/releases/tag/1.2.13 |
|
| https://www.alexbirnberg.com/roundcube-xss.html |
|
| https://github.com/roundcube/roundcubemail/releases/tag/1.3.16 |
|
| FEDORA-2021-2cb0643316 | |
| FEDORA-2021-73359af51c |