RoundCube | CVE-2023-43770 | Versions before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before

Discussion in 'Plugins/Modules/Addons' started by DDArt, Feb 14, 2024.

  1. DDArt, Member

    Per: NVD - CVE-2023-43770 (nist.gov)
    Snippet: According to a description of the bug on NIST's National Vulnerability Database (NVD), the vulnerability impacts Roundcube versions before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3.

    Most/all should be fine if you keep your host updated; most will probably have 1.4.15, which is not listed below.
    ==============================================
    Alert: CISA Warns of Active 'Roundcube' Email Attacks
    • Vulnerability: Cross-site scripting (XSS) flaw in Roundcube email software (CVE-2023-43770, CVSS score: 6.1).
    • Affected Versions: Roundcube versions before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3.
    • Impact: Leads to information disclosure via malicious link references in plain/text messages.
    • Resolution: Patched in Roundcube version 1.6.3, released on September 15, 2023.
     