VDB
CVE-2024-37385
CVE-2024-37385
PUBLISHED
Es besteht eine Schwachstelle in Roundcube auf Windows-Betriebssystemen. Ein speziell gestalteter "im_convert_path" oder "im_identify_path" erlaubt eine Befehlsinjektion. Ein entfernter Angreifer kann dies ausnutzen, um beliebige Befehle auszuführen. Zur Ausnutzung ist eine Benutzeraktion erforderlich.
EPSS 0.83% · 75.0th percentile
Risk Scores
EPSS Score
0.83%
75.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Open Source | Open Source Roundcube Webmail <1.5.7 | |
| Debian | Debian Linux | |
| Ubuntu | Ubuntu Linux | |
| Open Source | Open Source Roundcube <1.6.7 | |
| Open Source | Open Source Roundcube Webmail <1.6.7 | |
| Fedora | Fedora Linux <1.6.7 | |
| Open Source | Open Source Roundcube <1.5.7 |
Timeline
- May 20, 2024 CVE Published
- Oct 4, 2024 Coalition ESS Score
- Feb 5, 2025 Coalition ESS Score
- Feb 14, 2025 EPSS Score
- Feb 28, 2025 EPSS Score
- Mar 17, 2025 EPSS Score
- Mar 20, 2025 Coalition ESS Score
- Mar 29, 2025 EPSS Score
- Mar 30, 2025 EPSS Score
- Apr 3, 2025 EPSS Score
- Apr 15, 2025 EPSS Score
- Apr 27, 2025 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1193.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1193 advisory
- https://roundcube.net/news/2024/05/19/security-updates-1.6.7-and-1.5.7 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2024-a591b4dc74 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-1f1aef9c1c advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2024-680b8ba54e advisory
- https://lists.debian.org/debian-lts-announce/2024/06/msg00008.html advisory
- https://lists.debian.org/debian-security-announce/2024/msg00124.html advisory
- https://ubuntu.com/security/notices/USN-6848-1 advisory
- https://thehackernews.com/2024/10/hackers-exploit-roundcube-webmail-xss.html exploit
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1318.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1318 advisory
- https://github.com/roundcube/roundcubemail/releases/tag/1.5.7 advisory
- https://github.com/roundcube/roundcubemail/releases/tag/1.6.7 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2290826 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2290830 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2290828 advisory