admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-07 05:28:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2023/CVE-2023-56xx/CVE-2023-5631.json
cad-safe-bot ad6d5a4ab2 Auto-Update: 2023-11-17T17:00:17.609269+00:00
2023-11-17 17:00:21 +00:00

235 lines
7.0 KiB
JSON
Raw Blame History

{
"id": "CVE-2023-5631",
"sourceIdentifier": "security@eset.com",
"published": "2023-10-18T15:15:08.727",
"lastModified": "2023-11-17T15:15:12.237",
"vulnStatus": "Undergoing Analysis",
"cisaExploitAdd": "2023-10-26",
"cisaActionDue": "2023-11-16",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability",
"descriptions": [
{
"lang": "en",
"value": "\nRoundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attacker\n\nto load arbitrary JavaScript code.\n\n\n\n\n\n\n\n"
},
{
"lang": "es",
"value": "Roundcube anterior a 1.4.15, 1.5.x anterior a 1.5.5 y 1.6.x anterior a 1.6.4 permiten almacenar XSS a trav\u00e9s de un mensaje de correo electr\u00f3nico HTML con un documento SVG manipulado debido al comportamiento de program/lib/Roundcube/rcube_washtml.php. Esto podr\u00eda permitir que un atacante remoto cargue c\u00f3digo JavaScript arbitrario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@eset.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security@eset.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.4.15",
"matchCriteriaId": "4A35A7DC-58C4-43F7-A66C-229B0A409224"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.5.0",
"versionEndExcluding": "1.5.5",
"matchCriteriaId": "AF32BDE4-0C58-4D19-9E7C-CC0C0B22DF51"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.6.0",
"versionEndExcluding": "1.6.4",
"matchCriteriaId": "BBAB5ECE-B692-46C2-A3EF-6BC52E4F3C3B"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/01/1",
"source": "security@eset.com"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/01/3",
"source": "security@eset.com"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/17/2",
"source": "security@eset.com"
},
{
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054079",
"source": "security@eset.com",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://github.com/roundcube/roundcubemail/commit/41756cc3331b495cc0b71886984474dc529dd31d",
"source": "security@eset.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/roundcube/roundcubemail/commit/6ee6e7ae301e165e2b2cb703edf75552e5376613",
"source": "security@eset.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/roundcube/roundcubemail/issues/9168",
"source": "security@eset.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://github.com/roundcube/roundcubemail/releases/tag/1.4.15",
"source": "security@eset.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/roundcube/roundcubemail/releases/tag/1.5.5",
"source": "security@eset.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/roundcube/roundcubemail/releases/tag/1.6.4",
"source": "security@eset.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00035.html",
"source": "security@eset.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LK67Q46OIEGJCRQUBHKLH3IIJTBNGGX4/",
"source": "security@eset.com"
},
{
"url": "https://roundcube.net/news/2023/10/16/security-update-1.6.4-released",
"source": "security@eset.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://roundcube.net/news/2023/10/16/security-updates-1.5.5-and-1.4.15",
"source": "security@eset.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5531",
"source": "security@eset.com",
"tags": [
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink