
List:       full-disclosure
Subject:    [FD] OXAS-ADV-2023-0007: OX App Suite Security Advisory
From:       Martin Heiland via Fulldisclosure <fulldisclosure () seclists ! org>
Date:       2024-02-12 8:40:29
Message-ID: 126219338.362.1707727229930 () asd-stable-core-mw-groupware-0 ! asd-stable-core-mw-hazelcast-headless ! asd-stable ! svc ! cluster ! local



Dear subscribers,

We're sharing our latest advisory with you and would like to thank everyone who contributed in finding and solving those vulnerabilities. Feel free to join our bug bounty programs for OX App Suite, Dovecot and PowerDNS at YesWeHack.

This advisory has also been published at https://documentation.open-xchange.com/appsuite/security/advisories/html/2023/oxas-adv-2023-0007.html.


Yours sincerely,
  Martin Heiland, Open-Xchange GmbH



Internal reference: OXUIB-2599
Type: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))
Component: frontend
Report confidence: Confirmed
Solution status: Fixed by vendor
Last affected revision: OX App Suite frontend 7.10.6-rev38
First fixed revision: OX App Suite frontend 7.10.6-rev39
Discovery date: 2023-10-18
Solution date: 2023-12-01
CVE: CVE-2023-41708
CVSS: 5.4 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Details:
XSS using script code as module at app loader. References to the "app loader" functionality could contain redirects to unexpected locations.

Risk:
Attackers could forge app references that bypass existing safeguards to inject malicious script code. No publicly available exploits are known.

Solution:
Please deploy the provided updates and patch releases. References to apps are now controlled more strictly to avoid relative references.



---



Internal reference: MWB-2366
Type: CWE-400 (Uncontrolled Resource Consumption)
Component: backend
Report confidence: Confirmed
Solution status: Fixed by vendor
Last affected revision: OX App Suite backend 7.10.6-rev55, OX App Suite backend 7.6.3-rev71, OX App Suite backend 8.19
First fixed revision: OX App Suite backend 7.10.6-rev56, OX App Suite backend 7.6.3-rev72, OX App Suite backend 8.20
Discovery date: 2023-11-02
Solution date: 2023-12-05
CVE: CVE-2023-41707
CVSS: 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

Details:
Excessive resource usage through mail search regex. Processing of user-defined mail search expressions is not limited.

Risk:
Availability of OX App Suite could be reduced due to high processing load. No publicly available exploits are known.

Solution:
Please deploy the provided updates and patch releases. Processing time of mail search expressions now gets monitored, and the related request is terminated if a resource threshold is reached.




---



Internal reference: MWB-2367
Type: CWE-400 (Uncontrolled Resource Consumption)
Component: backend
Report confidence: Confirmed
Solution status: Fixed by vendor
Last affected revision: OX App Suite backend 7.10.6-rev55, OX App Suite backend 7.6.3-rev71, OX App Suite backend 8.19
First fixed revision: OX App Suite backend 7.10.6-rev56, OX App Suite backend 7.6.3-rev72, OX App Suite backend 8.20
Discovery date: 2023-11-02
Solution date: 2023-12-01
CVE: CVE-2023-41706
CVSS: 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

Details:
Excessive resource usage through drive search regex. Processing of user-defined drive search expressions is not limited.

Risk:
Availability of OX App Suite could be reduced due to high processing load. No publicly available exploits are known.

Solution:
Please deploy the provided updates and patch releases. Processing time of drive search expressions now gets monitored, and the related request is terminated if a resource threshold is reached.



---



Internal reference: MWB-2392
Type: CWE-400 (Uncontrolled Resource Consumption)
Component: backend
Report confidence: Confirmed
Solution status: Fixed by vendor
Last affected revision: OX App Suite backend 7.10.6-rev55, OX App Suite backend 7.6.3-rev71, OX App Suite backend 8.20
First fixed revision: OX App Suite backend 7.10.6-rev56, OX App Suite backend 7.6.3-rev72, OX App Suite backend 8.21
Discovery date: 2023-11-28
Solution date: 2023-12-06
CVE: CVE-2023-41705
CVSS: 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

Details:
High resource consumption by manipulated DAV user-agent strings. Processing of user-defined DAV user-agent strings is not limited.

Risk:
Availability of OX App Suite could be reduced due to high processing load. No publicly available exploits are known.

Solution:
Please deploy the provided updates and patch releases. Processing time of DAV user-agents now gets monitored, and the related request is terminated if a resource threshold is reached.
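The three CWE-400 entries above (MWB-2366, MWB-2367 and MWB-2392) describe the same class of fix: evaluation of user-controlled expressions is monitored and the request is terminated once a threshold is reached. The Java example below is added here and is not Open-Xchange code; it shows one way to impose such a budget on java.util.regex by wrapping the input in a CharSequence that checks a deadline on every read. The class and exception names are hypothetical and the sample inputs are constructed.

```java
import java.util.regex.Pattern;

/** Thrown when a regex evaluation exceeds its time budget (hypothetical name, for this example). */
final class RegexBudgetExceededException extends RuntimeException {
    RegexBudgetExceededException(String msg) { super(msg); }
}

/** CharSequence wrapper that checks a wall-clock deadline on every charAt(). java.util.regex reads
 *  input only through charAt(), so even an exponentially backtracking pattern stops once the budget is spent. */
final class DeadlineCharSequence implements CharSequence {
    private final CharSequence inner;
    private final long deadlineNanos;   // absolute System.nanoTime() value

    DeadlineCharSequence(CharSequence inner, long deadlineNanos) {
        this.inner = inner;
        this.deadlineNanos = deadlineNanos;
    }
    @Override public int length() { return inner.length(); }
    @Override public char charAt(int index) {
        if (System.nanoTime() - deadlineNanos > 0) {
            throw new RegexBudgetExceededException("search expression exceeded its time budget");
        }
        return inner.charAt(index);
    }
    @Override public CharSequence subSequence(int start, int end) {
        return new DeadlineCharSequence(inner.subSequence(start, end), deadlineNanos);
    }
    @Override public String toString() { return inner.toString(); }
}

public final class BoundedSearch {
    /** Evaluates a user-supplied search expression against one field under a time budget. */
    static boolean matches(String userExpression, String field, long budgetMillis) {
        long deadline = System.nanoTime() + budgetMillis * 1_000_000L;
        return Pattern.compile(userExpression).matcher(new DeadlineCharSequence(field, deadline)).find();
    }

    public static void main(String[] args) {
        // Constructed sample: a benign expression against a mail subject finishes well within budget.
        System.out.println(matches("quarterly", "Re: quarterly report", 100));   // true
        // A nested-quantifier expression on a non-matching field backtracks exponentially;
        // the wrapper aborts it once the budget is spent instead of pinning a worker thread.
        try {
            matches("(a+)+$", "a".repeat(40) + "!", 100);
        } catch (RegexBudgetExceededException e) {
            System.out.println("aborted: " + e.getMessage());
        }
    }
}
```

Pattern.compile() itself can still reject a malformed user expression with PatternSyntaxException, which a request handler should map to a client error rather than a server fault.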



---



Internal reference: MWB-2393
Type: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))
Component: backend
Report confidence: Confirmed
Solution status: Fixed by vendor
Last affected revision: OX App Suite backend 7.10.6-rev55, OX App Suite backend 7.6.3-rev71, OX App Suite backend 8.20
First fixed revision: OX App Suite backend 7.10.6-rev56, OX App Suite backend 7.6.3-rev72, OX App Suite backend 8.21
Discovery date: 2023-11-28
Solution date: 2023-12-06
CVE: CVE-2023-41704
CVSS: 7.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)

Details:
XSS at E-Mail using CSS CID replacement. Processing of CID references at E-Mail can be abused to inject malicious script code that passes the sanitization engine.

Risk:
Malicious script code could be injected into a user's session when interacting with E-Mails. No publicly available exploits are known.

Solution:
Please deploy the provided updates and patch releases. CID handling has been improved, and the resulting content is checked for malicious content.



---



Internal reference: DOCS-4483
Type: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))
Component: office
Report confidence: Confirmed
Solution status: Fixed by vendor
Last affected revision: OX App Suite office 7.10.6-rev9, OX App Suite office 8.19
First fixed revision: OX App Suite office 7.10.6-rev10, OX App Suite office 8.20
Discovery date: 2022-05-19
Solution date: 2022-05-23
CVE: CVE-2023-41703
CVSS: 6.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Details:
UserIds of mentions are not saved correctly after editing a comment with mentions. User ID references at mentions in document comments were not correctly sanitized.

Risk:
Script code could be injected into a user's session when working with a malicious document. No publicly available exploits are known.

Solution:
Please deploy the provided updates and patch releases. User-defined content like comments and mentions is now filtered to avoid potentially malicious content.



_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
