oxas-adv-2024-0002
Vulnerability from csaf_ox
Published
2024-03-06 00:00
Modified
2024-05-06 00:00
Summary
OX App Suite Security Advisory OXAS-ADV-2024-0002



{
   document: {
      aggregate_severity: {
         text: "MEDIUM",
      },
      category: "csaf_security_advisory",
      csaf_version: "2.0",
      lang: "en-US",
      publisher: {
         category: "vendor",
         name: "Open-Xchange GmbH",
         namespace: "https://open-xchange.com/",
      },
      references: [
         {
            category: "external",
            summary: "Release Notes",
            url: "https://documentation.open-xchange.com/appsuite/releases/8.22/",
         },
         {
            category: "self",
            summary: "Canonical CSAF document",
            url: "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2024/oxas-adv-2024-0002.json",
         },
         {
            category: "self",
            summary: "Markdown representation",
            url: "https://documentation.open-xchange.com/appsuite/security/advisories/md/2024/oxas-adv-2024-0002.md",
         },
         {
            category: "self",
            summary: "HTML representation",
            url: "https://documentation.open-xchange.com/appsuite/security/advisories/html/2024/oxas-adv-2024-0002.html",
         },
         {
            category: "self",
            summary: "Plain-text representation",
            url: "https://documentation.open-xchange.com/appsuite/security/advisories/txt/2024/oxas-adv-2024-0002.txt",
         },
      ],
      title: "OX App Suite Security Advisory OXAS-ADV-2024-0002",
      tracking: {
         current_release_date: "2024-05-06T00:00:00+00:00",
         generator: {
            date: "2024-05-06T06:36:32+00:00",
            engine: {
               name: "OX CSAF",
               version: "1.0.0",
            },
         },
         id: "OXAS-ADV-2024-0002",
         initial_release_date: "2024-03-06T00:00:00+01:00",
         revision_history: [
            {
               date: "2024-03-06T00:00:00+01:00",
               number: "1",
               summary: "Initial release",
            },
            {
               date: "2024-05-06T00:00:00+00:00",
               number: "2",
               summary: "Public release",
            },
         ],
         status: "final",
         version: "2",
      },
   },
   product_tree: {
      branches: [
         {
            branches: [
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "8.21",
                        product: {
                           name: "OX App Suite backend 8.21",
                           product_id: "OXAS-BACKEND_8.21",
                           product_identification_helper: {
                              cpe: "cpe:2.3:a:open-xchange:app_suite:8.21:*:*:*:*:*:*:*",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "8.22",
                        product: {
                           name: "OX App Suite backend 8.22",
                           product_id: "OXAS-BACKEND_8.22",
                           product_identification_helper: {
                              cpe: "cpe:2.3:a:open-xchange:app_suite:8.22:*:*:*:*:*:*:*",
                           },
                        },
                     },
                  ],
                  category: "product_name",
                  name: "OX App Suite backend",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "8.21",
                        product: {
                           name: "OX App Suite frontend 8.21",
                           product_id: "OXAS-FRONTEND_8.21",
                           product_identification_helper: {
                              cpe: "cpe:2.3:a:open-xchange:app_suite:8.21:*:*:*:*:*:*:*",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "8.22",
                        product: {
                           name: "OX App Suite frontend 8.22",
                           product_id: "OXAS-FRONTEND_8.22",
                           product_identification_helper: {
                              cpe: "cpe:2.3:a:open-xchange:app_suite:8.22:*:*:*:*:*:*:*",
                           },
                        },
                     },
                  ],
                  category: "product_name",
                  name: "OX App Suite frontend",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "8.21",
                        product: {
                           name: "OX App Suite office 8.21",
                           product_id: "OXAS-OFFICE_8.21",
                           product_identification_helper: {
                              cpe: "cpe:2.3:a:open-xchange:office:8.21:*:*:*:*:*:*:*",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "8.22",
                        product: {
                           name: "OX App Suite office 8.22",
                           product_id: "OXAS-OFFICE_8.22",
                           product_identification_helper: {
                              cpe: "cpe:2.3:a:open-xchange:office:8.22:*:*:*:*:*:*:*",
                           },
                        },
                     },
                  ],
                  category: "product_name",
                  name: "OX App Suite office",
               },
            ],
            category: "vendor",
            name: "Open-Xchange GmbH",
         },
      ],
   },
   vulnerabilities: [
      {
         cve: "CVE-2024-23187",
         cwe: {
            id: "CWE-79",
            name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
         },
         discovery_date: "2024-01-29T14:08:40+01:00",
         ids: [
            {
               system_name: "OX Bug",
               text: "MWB-2471",
            },
         ],
         notes: [
            {
               category: "description",
               text: "Content-ID based embedding of resources in E-Mails could be abused to trigger client-side script code when using the \"show more\" option.",
            },
         ],
         product_status: {
            first_fixed: [
               "OXAS-BACKEND_8.22",
            ],
            last_affected: [
               "OXAS-BACKEND_8.21",
            ],
         },
         remediations: [
            {
               category: "vendor_fix",
               date: "2024-03-04T13:36:19+01:00",
               details: "Please deploy the provided updates and patch releases. CID replacement has been hardened to omit invalid identifiers.",
               product_ids: [
                  "OXAS-BACKEND_8.21",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 6.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                  version: "3.1",
               },
               products: [
                  "OXAS-BACKEND_8.21",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               details: "Attackers could perform malicious API requests or extract information from the users account. Exploiting the vulnerability requires user interaction.",
            },
            {
               category: "exploit_status",
               details: "No publicly available exploits are known.",
            },
         ],
         title: "XSS by abusing CID replacement",
      },
      {
         cve: "CVE-2024-23186",
         cwe: {
            id: "CWE-79",
            name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
         },
         discovery_date: "2024-02-13T09:15:44+01:00",
         ids: [
            {
               system_name: "OX Bug",
               text: "OXUIB-2735",
            },
         ],
         notes: [
            {
               category: "description",
               text: "E-Mail containing malicious display-name information could trigger client-side script execution when using specific mobile devices.",
            },
         ],
         product_status: {
            first_fixed: [
               "OXAS-FRONTEND_8.22",
            ],
            last_affected: [
               "OXAS-FRONTEND_8.21",
            ],
         },
         remediations: [
            {
               category: "vendor_fix",
               date: "2024-03-04T13:36:48+01:00",
               details: "Please deploy the provided updates and patch releases. We now use safer methods of handling external content when embedding displayname information to the web interface.",
               product_ids: [
                  "OXAS-FRONTEND_8.21",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 6.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                  version: "3.1",
               },
               products: [
                  "OXAS-FRONTEND_8.22",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               details: "Attackers could perform malicious API requests or extract information from the users account.",
            },
            {
               category: "exploit_status",
               details: "No publicly available exploits are known.",
            },
         ],
         title: "XSS with mail displayname in mobile view",
      },
      {
         cve: "CVE-2024-23188",
         cwe: {
            id: "CWE-79",
            name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
         },
         discovery_date: "2024-01-10T15:39:11+01:00",
         ids: [
            {
               system_name: "OX Bug",
               text: "OXUIB-2695",
            },
         ],
         notes: [
            {
               category: "description",
               text: "Maliciously crafted E-Mail attachment names could be used to temporarily execute script code in the context of the users browser session. Common user interaction is required for the vulnerability to trigger.",
            },
         ],
         product_status: {
            first_fixed: [
               "OXAS-FRONTEND_8.22",
            ],
            last_affected: [
               "OXAS-FRONTEND_8.21",
            ],
         },
         remediations: [
            {
               category: "vendor_fix",
               date: "2024-03-04T13:36:33+01:00",
               details: "Please deploy the provided updates and patch releases. We now use safer methods of handling external content when embedding attachment information to the web interface.",
               product_ids: [
                  "OXAS-FRONTEND_8.21",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 6.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                  version: "3.1",
               },
               products: [
                  "OXAS-FRONTEND_8.21",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               details: "Attackers could perform malicious API requests or extract information from the users account.",
            },
            {
               category: "exploit_status",
               details: "No publicly available exploits are known.",
            },
         ],
         title: "XSS using mail attachment file names",
      },
      {
         cve: "CVE-2024-23193",
         cwe: {
            id: "CWE-200",
            name: "Exposure of Sensitive Information to an Unauthorized Actor",
         },
         discovery_date: "2024-01-10T16:26:10+01:00",
         ids: [
            {
               system_name: "OX Bug",
               text: "DOCS-5199",
            },
         ],
         notes: [
            {
               category: "description",
               text: "E-Mails exported as PDF were stored in a cache that did not consider specific session information for the related user account.",
            },
         ],
         product_status: {
            first_fixed: [
               "OXAS-OFFICE_8.22",
            ],
            last_affected: [
               "OXAS-OFFICE_8.21",
            ],
         },
         remediations: [
            {
               category: "vendor_fix",
               date: "2024-02-09T13:17:36+01:00",
               details: "Please deploy the provided updates and patch releases. The cache for PDF exports now takes user session information into consideration when performing authorization decisions.",
               product_ids: [
                  "OXAS-OFFICE_8.21",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
               products: [
                  "OXAS-OFFICE_8.21",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               details: "Users of the same service node could access other users E-Mails in case they were exported as PDF for a brief moment until caches were cleared. Successful exploitation requires good timing and modification of multiple request parameters.",
            },
            {
               category: "exploit_status",
               details: "No publicly available exploits are known.",
            },
         ],
         title: "Documentconverter allows access to other user exported PDF files",
      },
   ],
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.