Описание
In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition through 5.2.17, OS Command Injection can occur if the attacker is an authenticated Horde Webmail user, has PGP features enabled in their preferences, and attempts to encrypt an email addressed to a maliciously crafted email address.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | 2.7.11-1ubuntu1 |
| cosmic | not-affected | 2.7.11-1ubuntu1 |
| devel | DNE | |
| disco | not-affected | 2.7.11-1ubuntu1 |
| eoan | not-affected | 2.7.11-1ubuntu1 |
| esm-apps/bionic | not-affected | 2.7.11-1ubuntu1 |
| esm-apps/xenial | needed | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was needed] |
| esm-infra/focal | DNE |
Показывать по
EPSS
9 Critical
CVSS2
8.8 High
CVSS3
Связанные уязвимости
In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition through 5.2.17, OS Command Injection can occur if the attacker is an authenticated Horde Webmail user, has PGP features enabled in their preferences, and attempts to encrypt an email addressed to a maliciously crafted email address.
In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Editio ...
In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition through 5.2.17, OS Command Injection can occur if the attacker is an authenticated Horde Webmail user, has PGP features enabled in their preferences, and attempts to encrypt an email addressed to a maliciously crafted email address.
Уязвимость программного средства для организации совместной работы пользователей Horde Groupware, позволяющая нарушителю шифрование электронной почты
EPSS
9 Critical
CVSS2
8.8 High
CVSS3