SOLVED UPS-430 - Horde Webmail 5.2.22 - Account Takeover via Email

[DJPRMF]

Just to know if cPanel team is currently working in fix this issue (or is already fixed)

Horde Webmail 5.2.22 - Account Takeover via Email

We recently discovered a code vulnerability in Horde Webmail that can be used by attackers to take over email accounts by sending a malicious email.

blog.sonarsource.com

Thanks

 

[cPRex]

Hey there! We are tracking this case with UPS-430. Our team hasn't decided how to handle that just yet, but I'll be sure to post updates as soon as I get them.

 

[rainboy]

Any News on this ? Its a standard configured application in cpanel, the work around would be not to hard to push.

 

[cPRex]

I don't have any other updates just yet.

 

[ITHKBO]

Rex has there been any confirmation that the Horde release version from cPanel is even vulnerable to the mentioned attack under default configuration?
I have not been able to find the required processor code under /usr/local/cpanel/base/horde/imp/config/mime_drivers.php

We ran a test here on 100.0.11 and 102.0.6 but on default cPanel configuration we were not able to get any ooo document preview working in conjunction with extention .xslt

 

[cPRex]

I'm having our security team check and confirm those findings now - I'll post back once I have an udpate.

 

[cPRex]

So far, we haven't been able to reproduce the specific vulnerability on a standard cPanel installation, so that's good news!

 

[cPRex]

Update - we've ensured the latest packages released for cpanel-php74-horde do not have this issue. Specifically this is the cpanel-php74-horde-5.2.23-4.cp11102 package, which will be available soon.