
Mageia: 2020-0206 Critical: Roundcube XSS and CSRF Issues

May 8, 2020
Mageia security update addresses XSS, CSRF, remote code execution and path traversal issues in Roundcube.

Summary

Updated roundcubemail packages fix security vulnerabilities:

- Cross-Site Scripting (XSS) via malicious HTML content (CVE-2020-12625)

- CSRF attack can cause an authenticated user to be logged out (CVE-2020-12626)

- Remote code execution via crafted config options

- Path traversal vulnerability allowing local file inclusion via crafted 'plugins' option

References

- https://bugs.mageia.org/show_bug.cgi?id=26586

- https://github.com/roundcube/roundcubemail/releases/tag/1.3.11

- https://lists.debian.org/debian-security-announce/2020/msg00077.html

- https://www.cve.org/CVERecord?id=CVE-2020-12625

- https://www.cve.org/CVERecord?id=CVE-2020-12626

Resolution

SRPMS

- 7/core/roundcubemail-1.3.11-1.mga7

Severity
critical

Publication date: 08 May 2020
URL: https://advisories.mageia.org/MGASA-2020-0206.html
Type: security
CVE: CVE-2020-12625, CVE-2020-12626
