OXAS-ADV-2023-0005
Vulnerability from csaf_ox
Published
2023-09-19 00:00
Modified
2024-01-22 00:00
Summary
OX App Suite Security Advisory OXAS-ADV-2023-0005



{
   document: {
      aggregate_severity: {
         text: "HIGH",
      },
      category: "csaf_security_advisory",
      csaf_version: "2.0",
      lang: "en-US",
      publisher: {
         category: "vendor",
         name: "Open-Xchange GmbH",
         namespace: "https://open-xchange.com/",
      },
      references: [
         {
            category: "external",
            summary: "Release Notes",
            url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6248_7.10.6_2023-09-19.pdf",
         },
         {
            category: "self",
            summary: "Canonical CSAF document",
            url: "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0005.json",
         },
         {
            category: "self",
            summary: "Markdown representation",
            url: "https://documentation.open-xchange.com/appsuite/security/advisories/md/2023/oxas-adv-2023-0005.md",
         },
         {
            category: "self",
            summary: "HTML representation",
            url: "https://documentation.open-xchange.com/appsuite/security/advisories/html/2023/oxas-adv-2023-0005.html",
         },
         {
            category: "self",
            summary: "Plain-text representation",
            url: "https://documentation.open-xchange.com/appsuite/security/advisories/txt/2023/oxas-adv-2023-0005.txt",
         },
      ],
      title: "OX App Suite Security Advisory OXAS-ADV-2023-0005",
      tracking: {
         current_release_date: "2024-01-22T00:00:00+00:00",
         generator: {
            date: "2024-01-22T15:43:48+00:00",
            engine: {
               name: "OX CSAF",
               version: "1.0.0",
            },
         },
         id: "OXAS-ADV-2023-0005",
         initial_release_date: "2023-09-19T00:00:00+02:00",
         revision_history: [
            {
               date: "2023-09-19T00:00:00+02:00",
               number: "1",
               summary: "Initial release",
            },
            {
               date: "2024-01-22T00:00:00+00:00",
               number: "2",
               summary: "Public release",
            },
            {
               date: "2024-01-22T00:00:00+00:00",
               number: "3",
               summary: "Public release",
            },
            {
               date: "2024-01-22T00:00:00+00:00",
               number: "4",
               summary: "Public release",
            },
         ],
         status: "final",
         version: "4",
      },
   },
   product_tree: {
      branches: [
         {
            branches: [
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "7.10.6-rev50",
                        product: {
                           name: "OX App Suite backend 7.10.6-rev50",
                           product_id: "OXAS-BACKEND_7.10.6-rev50",
                           product_identification_helper: {
                              cpe: "cpe:2.3:a:open-xchange:app_suite:7.10.6:rev50:*:*:*:*:*:*",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "7.10.6-rev51",
                        product: {
                           name: "OX App Suite backend 7.10.6-rev51",
                           product_id: "OXAS-BACKEND_7.10.6-rev51",
                           product_identification_helper: {
                              cpe: "cpe:2.3:a:open-xchange:app_suite:7.10.6:rev51:*:*:*:*:*:*",
                              x_generic_uris: [
                                 {
                                    namespace: "https://documentation.open-xchange.com/appsuite/security/advisories/#urn-parsing",
                                    uri: "urn:open-xchange:app_suite:patch-id:6248",
                                 },
                              ],
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "8.16",
                        product: {
                           name: "OX App Suite backend 8.16",
                           product_id: "OXAS-BACKEND_8.16",
                           product_identification_helper: {
                              cpe: "cpe:2.3:a:open-xchange:app_suite:8.16:*:*:*:*:*:*:*",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "8.17",
                        product: {
                           name: "OX App Suite backend 8.17",
                           product_id: "OXAS-BACKEND_8.17",
                           product_identification_helper: {
                              cpe: "cpe:2.3:a:open-xchange:app_suite:8.17:*:*:*:*:*:*:*",
                           },
                        },
                     },
                  ],
                  category: "product_name",
                  name: "OX App Suite backend",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "7.10.6-rev33",
                        product: {
                           name: "OX App Suite frontend 7.10.6-rev33",
                           product_id: "OXAS-FRONTEND_7.10.6-rev33",
                           product_identification_helper: {
                              cpe: "cpe:2.3:a:open-xchange:app_suite:7.10.6:rev33:*:*:*:*:*:*",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "7.10.6-rev34",
                        product: {
                           name: "OX App Suite frontend 7.10.6-rev34",
                           product_id: "OXAS-FRONTEND_7.10.6-rev34",
                           product_identification_helper: {
                              cpe: "cpe:2.3:a:open-xchange:app_suite:7.10.6:rev34:*:*:*:*:*:*",
                              x_generic_uris: [
                                 {
                                    namespace: "https://documentation.open-xchange.com/appsuite/security/advisories/#urn-parsing",
                                    uri: "urn:open-xchange:app_suite:patch-id:6248",
                                 },
                              ],
                           },
                        },
                     },
                  ],
                  category: "product_name",
                  name: "OX App Suite frontend",
               },
            ],
            category: "vendor",
            name: "Open-Xchange GmbH",
         },
      ],
   },
   vulnerabilities: [
      {
         cve: "CVE-2023-29048",
         cwe: {
            id: "CWE-78",
            name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
         },
         discovery_date: "2023-08-08T08:49:07+02:00",
         ids: [
            {
               system_name: "OX Bug",
               text: "MWB-2261",
            },
         ],
         notes: [
            {
               category: "description",
               text: "A component for parsing OXMF templates could be abused to execute arbitrary system commands that would be executed as the non-privileged runtime user.",
            },
         ],
         product_status: {
            first_fixed: [
               "OXAS-BACKEND_7.10.6-rev51",
            ],
            last_affected: [
               "OXAS-BACKEND_7.10.6-rev50",
            ],
         },
         remediations: [
            {
               category: "vendor_fix",
               date: "2023-09-14T12:51:09+02:00",
               details: "Please deploy the provided updates and patch releases. The template engine has been reconfigured to deny execution of harmful commands on a system level.",
               product_ids: [
                  "OXAS-BACKEND_7.10.6-rev50",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 8.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               products: [
                  "OXAS-BACKEND_7.10.6-rev50",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               details: "Users and attackers could run system commands with limited privilege to gain unauthorized access to confidential information and potentially violate integrity by modifying resources.",
            },
            {
               category: "exploit_status",
               details: "No publicly available exploits are known.",
            },
         ],
         title: "OXMF templates allow remote code execution",
      },
      {
         cve: "CVE-2023-29050",
         cwe: {
            id: "CWE-90",
            name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')",
         },
         discovery_date: "2023-08-17T20:59:06+02:00",
         ids: [
            {
               system_name: "OX Bug",
               text: "MWB-2274",
            },
         ],
         notes: [
            {
               category: "description",
               text: "The optional \"LDAP contacts provider\" could be abused by privileged users to inject LDAP filter strings that allow to access content outside of the intended hierarchy.",
            },
         ],
         product_status: {
            first_fixed: [
               "OXAS-BACKEND_7.10.6-rev51",
               "OXAS-BACKEND_8.17",
            ],
            last_affected: [
               "OXAS-BACKEND_7.10.6-rev50",
               "OXAS-BACKEND_8.16",
            ],
         },
         remediations: [
            {
               category: "vendor_fix",
               date: "2023-09-18T08:29:07+02:00",
               details: "Please deploy the provided updates and patch releases. Encoding has been added for user-provided fragments that are used when constructing the LDAP query.",
               product_ids: [
                  "OXAS-BACKEND_7.10.6-rev50",
                  "OXAS-BACKEND_8.16",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 7.6,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "HIGH",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L",
                  version: "3.1",
               },
               products: [
                  "OXAS-BACKEND_7.10.6-rev50",
                  "OXAS-BACKEND_8.16",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               details: "Unauthorized users could break confidentiality of information in the directory and potentially cause high load on the directory server, leading to denial of service.",
            },
            {
               category: "exploit_status",
               details: "No publicly available exploits are known.",
            },
         ],
         title: "LDAP filter injection vulnerability in Contacts Provider LDAP",
      },
      {
         cve: "CVE-2023-29049",
         cwe: {
            id: "CWE-79",
            name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
         },
         discovery_date: "2023-08-14T14:15:50+02:00",
         ids: [
            {
               system_name: "OX Bug",
               text: "OXUIB-2489",
            },
         ],
         notes: [
            {
               category: "description",
               text: "The \"upsell\" widget at the portal page could be abused to inject arbitrary script code.",
            },
         ],
         product_status: {
            first_fixed: [
               "OXAS-FRONTEND_7.10.6-rev34",
            ],
            last_affected: [
               "OXAS-FRONTEND_7.10.6-rev33",
            ],
         },
         remediations: [
            {
               category: "vendor_fix",
               date: "2023-09-18T15:22:30+02:00",
               details: "Please deploy the provided updates and patch releases. User input for this widget is now sanitized to avoid malicious content the be processed.",
               product_ids: [
                  "OXAS-FRONTEND_7.10.6-rev33",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 5.4,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "LOW",
                  scope: "CHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.1",
               },
               products: [
                  "OXAS-FRONTEND_7.10.6-rev33",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               details: "Attackers that manage to lure users to a compromised account, or gain temporary access to a legitimate account, could inject script code to gain persistent code execution capabilities under a trusted domain.",
            },
            {
               category: "exploit_status",
               details: "No publicly available exploits are known.",
            },
         ],
         title: "XSS in upsell portal widget",
      },
   ],
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.