cvelistv5 - cve-2023-24602

Source	URL	Tags
cve@mitre.org	http://seclists.org/fulldisclosure/2023/May/3	Mailing List, Third Party Advisory
cve@mitre.org	https://open-xchange.com	Product

Vendor	Product
n/a	n/a

ghsa-q3g4-cjxm-8685

Vulnerability from github

Published

2023-05-29 03:30

Modified

2024-04-04 04:22

Severity

6.1 (Medium) - CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

OX App Suite before frontend 7.10.6-rev24 allows XSS via data to the Tumblr portal widget, such as a post title.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-24602"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-05-29T03:15:09Z",
    "severity": "MODERATE"
  },
  "details": "OX App Suite before frontend 7.10.6-rev24 allows XSS via data to the Tumblr portal widget, such as a post title.",
  "id": "GHSA-q3g4-cjxm-8685",
  "modified": "2024-04-04T04:22:30Z",
  "published": "2023-05-29T03:30:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24602"
    },
    {
      "type": "WEB",
      "url": "https://open-xchange.com"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2023/May/3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

oxas-adv-2023-0001

Vulnerability from csaf_ox

Published

2023-02-06 00:00

Modified

2024-01-22 00:00

Summary

OX App Suite Security Advisory OXAS-ADV-2023-0001

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "HIGH"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "lang": "en-US",
    "publisher": {
      "category": "vendor",
      "name": "Open-Xchange GmbH",
      "namespace": "https://open-xchange.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Release Notes",
        "url": "http://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6209_7.10.6_2023-02-06.pdf"
      },
      {
        "category": "self",
        "summary": "Canonical CSAF document",
        "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0001.json"
      },
      {
        "category": "self",
        "summary": "Markdown representation",
        "url": "https://documentation.open-xchange.com/appsuite/security/advisories/md/2023/oxas-adv-2023-0001.md"
      },
      {
        "category": "self",
        "summary": "HTML representation",
        "url": "https://documentation.open-xchange.com/appsuite/security/advisories/html/2023/oxas-adv-2023-0001.html"
      },
      {
        "category": "self",
        "summary": "Plain-text representation",
        "url": "https://documentation.open-xchange.com/appsuite/security/advisories/txt/2023/oxas-adv-2023-0001.txt"
      }
    ],
    "title": "OX App Suite Security Advisory OXAS-ADV-2023-0001",
    "tracking": {
      "current_release_date": "2024-01-22T00:00:00+00:00",
      "generator": {
        "date": "2024-01-22T13:14:13+00:00",
        "engine": {
          "name": "OX CSAF",
          "version": "1.0.0"
        }
      },
      "id": "OXAS-ADV-2023-0001",
      "initial_release_date": "2023-02-06T00:00:00+01:00",
      "revision_history": [
        {
          "date": "2023-02-06T00:00:00+01:00",
          "number": "1",
          "summary": "Initial release"
        },
        {
          "date": "2024-01-22T00:00:00+00:00",
          "number": "2",
          "summary": "Public release"
        },
        {
          "date": "2024-01-22T00:00:00+00:00",
          "number": "3",
          "summary": "Public release"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "7.10.6-rev36",
                "product": {
                  "name": "OX App Suite backend 7.10.6-rev36",
                  "product_id": "OXAS-BACKEND_7.10.6-rev36",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:open-xchange:app_suite:7.10.6:rev36:*:*:*:*:*:*"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.8",
                "product": {
                  "name": "OX App Suite backend 8.8",
                  "product_id": "OXAS-BACKEND_8.8",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:open-xchange:app_suite:8.8:*:*:*:*:*:*:*"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.10.6-rev37",
                "product": {
                  "name": "OX App Suite backend 7.10.6-rev37",
                  "product_id": "OXAS-BACKEND_7.10.6-rev37",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:open-xchange:app_suite:7.10.6:rev37:*:*:*:*:*:*",
                    "x_generic_uris": [
                      {
                        "namespace": "https://documentation.open-xchange.com/appsuite/security/advisories/#urn-parsing",
                        "uri": "urn:open-xchange:app_suite:patch-id:6209"
                      }
                    ]
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.9",
                "product": {
                  "name": "OX App Suite backend 8.9",
                  "product_id": "OXAS-BACKEND_8.9",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:open-xchange:app_suite:8.9:*:*:*:*:*:*:*"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.10",
                "product": {
                  "name": "OX App Suite backend 8.10",
                  "product_id": "OXAS-BACKEND_8.10",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:open-xchange:app_suite:8.10:*:*:*:*:*:*:*"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.6.3-rev66",
                "product": {
                  "name": "OX App Suite backend 7.6.3-rev66",
                  "product_id": "OXAS-BACKEND_7.6.3-rev66",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:open-xchange:app_suite:7.6.3:rev66:*:*:*:*:*:*"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.6.3-rev67",
                "product": {
                  "name": "OX App Suite backend 7.6.3-rev67",
                  "product_id": "OXAS-BACKEND_7.6.3-rev67",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:open-xchange:app_suite:7.6.3:rev67:*:*:*:*:*:*",
                    "x_generic_uris": [
                      {
                        "namespace": "https://documentation.open-xchange.com/appsuite/security/advisories/#urn-parsing",
                        "uri": "urn:open-xchange:app_suite:patch-id:6209"
                      }
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "OX App Suite backend"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "7.10.6-rev23",
                "product": {
                  "name": "OX App Suite frontend 7.10.6-rev23",
                  "product_id": "OXAS-FRONTEND_7.10.6-rev23",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:open-xchange:app_suite:7.10.6:rev23:*:*:*:*:*:*"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.6.3-rev51",
                "product": {
                  "name": "OX App Suite frontend 7.6.3-rev51",
                  "product_id": "OXAS-FRONTEND_7.6.3-rev51",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:open-xchange:app_suite:7.6.3:rev51:*:*:*:*:*:*"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.8",
                "product": {
                  "name": "OX App Suite frontend 8.8",
                  "product_id": "OXAS-FRONTEND_8.8",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:open-xchange:app_suite:8.8:*:*:*:*:*:*:*"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.10.6-rev24",
                "product": {
                  "name": "OX App Suite frontend 7.10.6-rev24",
                  "product_id": "OXAS-FRONTEND_7.10.6-rev24",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:open-xchange:app_suite:7.10.6:rev24:*:*:*:*:*:*",
                    "x_generic_uris": [
                      {
                        "namespace": "https://documentation.open-xchange.com/appsuite/security/advisories/#urn-parsing",
                        "uri": "urn:open-xchange:app_suite:patch-id:6209"
                      }
                    ]
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.6.3-rev52",
                "product": {
                  "name": "OX App Suite frontend 7.6.3-rev52",
                  "product_id": "OXAS-FRONTEND_7.6.3-rev52",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:open-xchange:app_suite:7.6.3:rev52:*:*:*:*:*:*",
                    "x_generic_uris": [
                      {
                        "namespace": "https://documentation.open-xchange.com/appsuite/security/advisories/#urn-parsing",
                        "uri": "urn:open-xchange:app_suite:patch-id:6209"
                      }
                    ]
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.9",
                "product": {
                  "name": "OX App Suite frontend 8.9",
                  "product_id": "OXAS-FRONTEND_8.9",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:open-xchange:app_suite:8.9:*:*:*:*:*:*:*"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "pre8.0",
                "product": {
                  "name": "OX App Suite frontend pre8.0",
                  "product_id": "OXAS-FRONTEND_pre8.0",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:open-xchange:app_suite:pre8.0:*:*:*:*:*:*:*"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.0",
                "product": {
                  "name": "OX App Suite frontend 8.0",
                  "product_id": "OXAS-FRONTEND_8.0",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:open-xchange:app_suite:8.0:*:*:*:*:*:*:*"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.6",
                "product": {
                  "name": "OX App Suite frontend 8.6",
                  "product_id": "OXAS-FRONTEND_8.6",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:open-xchange:app_suite:8.6:*:*:*:*:*:*:*"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.7",
                "product": {
                  "name": "OX App Suite frontend 8.7",
                  "product_id": "OXAS-FRONTEND_8.7",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:open-xchange:app_suite:8.7:*:*:*:*:*:*:*"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "OX App Suite frontend"
          }
        ],
        "category": "vendor",
        "name": "Open-Xchange GmbH"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-24599",
      "cwe": {
        "id": "CWE-639",
        "name": "Authorization Bypass Through User-Controlled Key"
      },
      "discovery_date": "2023-01-02T16:30:53+01:00",
      "ids": [
        {
          "system_name": "OX Bug",
          "text": "MWB-1978"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Appointments of other users could be changed without the appropriate autorization by sending conflicting object IDs within the same request."
        }
      ],
      "product_status": {
        "first_fixed": [
          "OXAS-BACKEND_7.10.6-rev37",
          "OXAS-BACKEND_8.9"
        ],
        "last_affected": [
          "OXAS-BACKEND_7.10.6-rev36",
          "OXAS-BACKEND_8.8"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-01-27T16:43:23+01:00",
          "details": "Please deploy the provided updates and patch releases. We improved permission checks when updating appointments to restrict access.",
          "product_ids": [
            "OXAS-BACKEND_7.10.6-rev36",
            "OXAS-BACKEND_8.8"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
            "version": "3.1"
          },
          "products": [
            "OXAS-BACKEND_7.10.6-rev36",
            "OXAS-BACKEND_8.8"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Attackers within the same context can modify fragments of appointment information from folders without read access, including other users personal calendar folders."
        },
        {
          "category": "exploit_status",
          "details": "No publicly available exploits are known."
        }
      ],
      "title": "Users can change arbitrary appointments by ID confusion"
    },
    {
      "cve": "CVE-2023-24603",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2023-01-03T14:06:48+01:00",
      "ids": [
        {
          "system_name": "OX Bug",
          "text": "MWB-1981"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "HTTP client requests initiated by App Suite middleware were not stopping downloads for resources that exceed size limits."
        }
      ],
      "product_status": {
        "first_fixed": [
          "OXAS-BACKEND_7.10.6-rev37",
          "OXAS-BACKEND_8.10"
        ],
        "last_affected": [
          "OXAS-BACKEND_7.10.6-rev36",
          "OXAS-BACKEND_8.9"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-01-31T09:45:34+01:00",
          "details": "Please deploy the provided updates and patch releases. We improved the limitation for content length and immediately stop downloading if a threshold is hit.",
          "product_ids": [
            "OXAS-BACKEND_7.10.6-rev36",
            "OXAS-BACKEND_8.9"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "OXAS-BACKEND_7.10.6-rev36",
            "OXAS-BACKEND_8.9"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "In case an attacker-controlled resource (e.g. iCal feed) returned excessive amount of HTTP headers, the system could temporarily lock up processing those headers."
        },
        {
          "category": "exploit_status",
          "details": "No publicly available exploits are known."
        }
      ],
      "title": "Size limits for external content are not considered for data transfer"
    },
    {
      "cve": "CVE-2023-24604",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2023-01-03T14:43:16+01:00",
      "ids": [
        {
          "system_name": "OX Bug",
          "text": "MWB-1983"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "HTTP client requests initiated by App Suite middleware were not validating the lenght of HTTP headers."
        }
      ],
      "product_status": {
        "first_fixed": [
          "OXAS-BACKEND_7.10.6-rev37",
          "OXAS-BACKEND_8.10"
        ],
        "last_affected": [
          "OXAS-BACKEND_7.10.6-rev36",
          "OXAS-BACKEND_8.9"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-01-30T12:59:36+01:00",
          "details": "Please deploy the provided updates and patch releases. We introduced a limitation for HTTP header length and reject processing if a threshold is hit.",
          "product_ids": [
            "OXAS-BACKEND_7.10.6-rev36",
            "OXAS-BACKEND_8.9"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "OXAS-BACKEND_7.10.6-rev36",
            "OXAS-BACKEND_8.9"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "In case an attacker-controlled resource (e.g. iCal feed) returned excessive amount of HTTP headers, the system could temporarily lock up processing those headers."
        },
        {
          "category": "exploit_status",
          "details": "No publicly available exploits are known."
        }
      ],
      "title": "Header length does not get limited for external content"
    },
    {
      "cve": "CVE-2023-24598",
      "cwe": {
        "id": "CWE-639",
        "name": "Authorization Bypass Through User-Controlled Key"
      },
      "discovery_date": "2023-01-09T13:12:51+01:00",
      "ids": [
        {
          "system_name": "OX Bug",
          "text": "MWB-1995"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Editing distribution lists allows to add contacts from foreign accounts, where the attacker has no read access."
        }
      ],
      "product_status": {
        "first_fixed": [
          "OXAS-BACKEND_7.10.6-rev37",
          "OXAS-BACKEND_7.6.3-rev67",
          "OXAS-BACKEND_8.9"
        ],
        "last_affected": [
          "OXAS-BACKEND_7.10.6-rev36",
          "OXAS-BACKEND_7.6.3-rev66",
          "OXAS-BACKEND_8.8"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-01-27T15:51:43+01:00",
          "details": "Please deploy the provided updates and patch releases. We improved permission checks when editing distribution lists to restrict access.",
          "product_ids": [
            "OXAS-BACKEND_7.10.6-rev36",
            "OXAS-BACKEND_7.6.3-rev66",
            "OXAS-BACKEND_8.8"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "OXAS-BACKEND_7.10.6-rev36",
            "OXAS-BACKEND_7.6.3-rev66",
            "OXAS-BACKEND_8.8"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Attackers within the same context can discover fragments of contact information from folders without read access, including other users personal contact folders."
        },
        {
          "category": "exploit_status",
          "details": "No publicly available exploits are known."
        }
      ],
      "title": "Distribution lists allow discovering private contacts of other users"
    },
    {
      "cve": "CVE-2023-24605",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "discovery_date": "2023-01-10T09:29:23+01:00",
      "ids": [
        {
          "system_name": "OX Bug",
          "text": "MWB-1997"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "When using the built-in multi-factor authentication, access to a number of API endpoints was possible prior to successful authentication using the second factor."
        }
      ],
      "product_status": {
        "first_fixed": [
          "OXAS-BACKEND_7.10.6-rev37"
        ],
        "last_affected": [
          "OXAS-BACKEND_7.10.6-rev36"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-10T15:03:35+01:00",
          "details": "Please deploy the provided updates and patch releases. We added permission checks to make sure all kind of API paths are restricted prior to being fully authenticated.",
          "product_ids": [
            "OXAS-BACKEND_7.10.6-rev36"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "OXAS-BACKEND_7.10.6-rev36"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Attackers with access to victims credentials were able to perfom limited read operations on contacts and drive as well as modifying names of the multi-factor tokens."
        },
        {
          "category": "exploit_status",
          "details": "No publicly available exploits are known."
        }
      ],
      "title": "API access not fully restricted when requiring 2FA"
    },
    {
      "cve": "CVE-2023-24600",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "discovery_date": "2023-01-10T15:58:54+01:00",
      "ids": [
        {
          "system_name": "OX Bug",
          "text": "MWB-1998"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Folder ACL combinations like \"read own, delete all\" were incorrectly applied and allowed that users could move objects which they were not expected to read."
        }
      ],
      "product_status": {
        "first_fixed": [
          "OXAS-BACKEND_7.10.6-rev37",
          "OXAS-BACKEND_7.6.3-rev67",
          "OXAS-BACKEND_8.9"
        ],
        "last_affected": [
          "OXAS-BACKEND_7.10.6-rev36",
          "OXAS-BACKEND_7.6.3-rev66",
          "OXAS-BACKEND_8.8"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-01-27T15:21:48+01:00",
          "details": "Please deploy the provided updates and patch releases. Permission checks have been updated and include checking for read permissions when performing move operations.",
          "product_ids": [
            "OXAS-BACKEND_7.10.6-rev36",
            "OXAS-BACKEND_7.6.3-rev66",
            "OXAS-BACKEND_8.8"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "OXAS-BACKEND_7.10.6-rev36",
            "OXAS-BACKEND_7.6.3-rev66",
            "OXAS-BACKEND_8.8"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moving objects to folders with read access effectively bypassed the \"read own\" restriction."
        },
        {
          "category": "exploit_status",
          "details": "No publicly available exploits are known."
        }
      ],
      "title": "\"Read own/delete all\" permissions allows moving other users contacts to own address book"
    },
    {
      "cve": "CVE-2023-24597",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2023-01-03T12:26:53+01:00",
      "ids": [
        {
          "system_name": "OX Bug",
          "text": "OXUIB-2130"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "When E-Mail is flagged as Spam or if a user has enabled the feature as a default, remote content in E-Mail is not requested automatically to improve users privacy. However when printing a E-Mail, external content was loaded automatically without user consent."
        }
      ],
      "product_status": {
        "first_fixed": [
          "OXAS-FRONTEND_7.10.6-rev24",
          "OXAS-FRONTEND_7.6.3-rev52",
          "OXAS-FRONTEND_8.9"
        ],
        "last_affected": [
          "OXAS-FRONTEND_7.10.6-rev23",
          "OXAS-FRONTEND_7.6.3-rev51",
          "OXAS-FRONTEND_8.8"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-01-26T14:40:23+01:00",
          "details": "Please deploy the provided updates and patch releases. We now apply the same setting for loading external content when generating the E-Mail print content.",
          "product_ids": [
            "OXAS-FRONTEND_7.10.6-rev23",
            "OXAS-FRONTEND_7.6.3-rev51",
            "OXAS-FRONTEND_8.8"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "OXAS-FRONTEND_7.10.6-rev23",
            "OXAS-FRONTEND_7.6.3-rev51",
            "OXAS-FRONTEND_8.8"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Malicious remote content in E-Mail, like tracking pixels, could be used to analyze user behaviour."
        },
        {
          "category": "exploit_status",
          "details": "No publicly available exploits are known."
        }
      ],
      "title": "Remote resources are loaded in print view"
    },
    {
      "cve": "CVE-2023-24601",
      "cwe": {
        "id": "CWE-80",
        "name": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
      },
      "discovery_date": "2022-11-02T16:20:38+01:00",
      "ids": [
        {
          "system_name": "OX Bug",
          "text": "OXUIB-2034"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The \"registry\" sub-tree of the jslob API is used to define which application modules and dependencies shall be loaded. Users were able to inject arbitrary references, including malicious code."
        }
      ],
      "product_status": {
        "first_fixed": [
          "OXAS-FRONTEND_7.10.6-rev24",
          "OXAS-FRONTEND_7.6.3-rev52",
          "OXAS-FRONTEND_8.0"
        ],
        "last_affected": [
          "OXAS-FRONTEND_7.10.6-rev23",
          "OXAS-FRONTEND_7.6.3-rev51",
          "OXAS-FRONTEND_pre8.0"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-01-30T12:39:16+01:00",
          "details": "Please deploy the provided updates and patch releases. We made the relevant jslob path read-only for users.",
          "product_ids": [
            "OXAS-FRONTEND_7.10.6-rev23",
            "OXAS-FRONTEND_7.6.3-rev51",
            "OXAS-FRONTEND_pre8.0"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "OXAS-FRONTEND_7.10.6-rev23",
            "OXAS-FRONTEND_7.6.3-rev51",
            "OXAS-FRONTEND_pre8.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker would require temporary access to the users account or lure a user to a compromised account."
        },
        {
          "category": "exploit_status",
          "details": "No publicly available exploits are known."
        }
      ],
      "title": "XSS with non-app deeplinks like \"registry\""
    },
    {
      "cve": "CVE-2023-24602",
      "cwe": {
        "id": "CWE-80",
        "name": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
      },
      "discovery_date": "2022-11-02T16:13:12+01:00",
      "ids": [
        {
          "system_name": "OX Bug",
          "text": "OXUIB-2033"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "External content, like post titles, have been evaluated as HTML when adding Tumblr feeds to the portal page."
        }
      ],
      "product_status": {
        "first_fixed": [
          "OXAS-FRONTEND_7.10.6-rev24",
          "OXAS-FRONTEND_8.7"
        ],
        "last_affected": [
          "OXAS-FRONTEND_7.10.6-rev23",
          "OXAS-FRONTEND_8.6"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-10T15:03:55+01:00",
          "details": "Please deploy the provided updates and patch releases. We now insert untrusted external content as plain-text.",
          "product_ids": [
            "OXAS-FRONTEND_7.10.6-rev23",
            "OXAS-FRONTEND_8.6"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "OXAS-FRONTEND_7.10.6-rev23",
            "OXAS-FRONTEND_8.6"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker would require temporary access to the users account, compromise a Tumblr feed or make the victim include a malicious feed."
        },
        {
          "category": "exploit_status",
          "details": "No publicly available exploits are known."
        }
      ],
      "title": "XSS at Tumblr portal widget due to missing content sanitization"
    }
  ]
}

gsd-2023-24602

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

OX App Suite before frontend 7.10.6-rev24 allows XSS via data to the Tumblr portal widget, such as a post title.

Aliases

CVE-2023-24602

Aliases

CVE-2023-24602

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-24602",
    "id": "GSD-2023-24602"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-24602"
      ],
      "details": "OX App Suite before frontend 7.10.6-rev24 allows XSS via data to the Tumblr portal widget, such as a post title.",
      "id": "GSD-2023-24602",
      "modified": "2023-12-13T01:20:57.642476Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2023-24602",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "OX App Suite before frontend 7.10.6-rev24 allows XSS via data to the Tumblr portal widget, such as a post title."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://open-xchange.com",
            "refsource": "MISC",
            "url": "https://open-xchange.com"
          },
          {
            "name": "http://seclists.org/fulldisclosure/2023/May/3",
            "refsource": "MISC",
            "url": "http://seclists.org/fulldisclosure/2023/May/3"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev01:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev02:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev03:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev04:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev05:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev06:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev07:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev08:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev09:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev10:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev11:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev12:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev13:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev14:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev15:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev16:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev17:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev18:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev19:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev20:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev21:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev22:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev23:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:open-xchange:ox_app_suite:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.10.6",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2023-24602"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "OX App Suite before frontend 7.10.6-rev24 allows XSS via data to the Tumblr portal widget, such as a post title."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://open-xchange.com",
              "refsource": "MISC",
              "tags": [
                "Product"
              ],
              "url": "https://open-xchange.com"
            },
            {
              "name": "http://seclists.org/fulldisclosure/2023/May/3",
              "refsource": "MISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://seclists.org/fulldisclosure/2023/May/3"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2023-06-01T19:43Z",
      "publishedDate": "2023-05-29T03:15Z"
    }
  }
}

Action not permitted

cve-2023-24602

Vulnerability from cvelistv5

ghsa-q3g4-cjxm-8685

Vulnerability from github

oxas-adv-2023-0001

Vulnerability from csaf_ox

gsd-2023-24602

Vulnerability from gsd

Tags