CVE-2024-45800

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-45800
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-45800.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-45800
Aliases
  • GHSA-2rq7-79vp-ffxm
Published
2024-09-16T20:15:47Z
Modified
2024-09-18T00:59:32.545422Z
Summary
[none]
Details

Snappymail is an open source web-based email client. SnappyMail uses the cleanHtml() function to cleanup HTML and CSS in emails. Research discovered that the function has a few bugs which cause an mXSS exploit. Because the function allowed too many (invalid) HTML elements, it was possible (with incorrect markup) to trick the browser to "fix" the broken markup into valid markup. As a result a motivated attacker may be able to inject javascript. However, due to the default Content Security Policy the impact of the exploit is minimal. It could be possible to create an attack which leaks some data when loading images through the proxy. This way it might be possible to use the proxy to attack the local system, like with http://localhost:5000/leak. Another attack could be to load a JavaScript attachment of the email. This is very tricky as the email must link to every possible UID as each email has a unique UID which has a value between 1 and 18446744073709551615 v2.38.0 and up now remove unsupported HTML elements which mitigates the issue. Users are advised to upgrade. Older versions can install an extension named "Security mXSS" as a mitigation. This will be available at the administration area at /?admin#/packages. NOTE: this extension can not "fix" malicious code in encrypted messages or (html) attachments as it can't manipulate the JavaScript code for this. It only protects normal message HTML.

References

Affected packages

Git / github.com/the-djmaze/snappymail

Affected ranges

Type
GIT
Repo
https://github.com/the-djmaze/snappymail
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
cfbc47488a6b2e2ae4be484f501ee1a3485f542e

Affected versions

1.*

1.14.0-djmaze3

2.*

2.12.0
2.20.5

v1.*

v1.10.1.117-beta.1
v1.10.1.121-beta.2
v1.10.1.123
v1.10.1.127
v1.10.2.131-beta.1
v1.10.2.133-beta.2
v1.10.2.136-beta.3
v1.10.2.137-beta.4
v1.10.2.140
v1.10.2.141
v1.10.2.145
v1.10.3.150-beta.1
v1.10.3.151
v1.10.4.160-beta.1
v1.10.4.176-beta.2
v1.10.4.177-beta.3
v1.10.4.179
v1.10.4.180
v1.10.4.181
v1.10.4.183
v1.10.5.192
v1.11.0.201-beta.1
v1.11.0.203
v1.11.1
v1.11.2
v1.11.3
v1.12.0
v1.12.1
v1.13.0
v1.14.0
v1.14.0-djmaze
v1.14.0-djmaze2
v1.14.0-djmaze4
v1.14.0-djmaze5
v1.14.0-djmaze6
v1.14.0-djmaze7
v1.14.0-djmaze8
v1.15.0

v2.*

v2.0.0
v2.0.0-rc1
v2.0.0-rc2
v2.0.0-rc3
v2.1.0
v2.1.1
v2.10.0
v2.10.1
v2.10.2
v2.10.3
v2.11.0
v2.12.0-pr1
v2.12.1
v2.12.2
v2.13.0
v2.13.1
v2.13.2
v2.13.3
v2.13.4
v2.14.0
v2.14.1
v2.14.2
v2.14.3
v2.15.0
v2.15.1
v2.15.2
v2.15.3
v2.16.0
v2.16.1
v2.16.2
v2.16.3
v2.17.0
v2.17.1
v2.17.2
v2.17.3
v2.17.4
v2.18.0
v2.18.1
v2.18.2
v2.18.3
v2.18.4
v2.18.5
v2.18.6
v2.19.2
v2.19.3
v2.19.4
v2.19.6
v2.19.7
v2.2.0
v2.2.1
v2.2.2
v2.20.0
v2.20.2
v2.20.6
v2.21.0
v2.21.1
v2.21.2
v2.21.3
v2.21.4
v2.22.0
v2.22.1
v2.22.2
v2.22.3
v2.22.4
v2.22.5
v2.22.6
v2.22.7
v2.23.0
v2.23.1
v2.24.0
v2.24.1
v2.24.2
v2.24.3
v2.24.4
v2.24.5
v2.24.6
v2.25.0
v2.25.1
v2.25.2
v2.25.3
v2.25.4
v2.25.5
v2.26.0
v2.26.1
v2.26.2
v2.26.3
v2.26.4
v2.27.0
v2.27.1
v2.27.2
v2.27.3
v2.28.0
v2.28.1
v2.28.2
v2.28.3
v2.28.4
v2.29.0
v2.29.1
v2.29.2
v2.29.3
v2.29.4
v2.3.0
v2.3.1
v2.3.2
v2.3.3
v2.3.4
v2.3.5
v2.30.0
v2.31.0
v2.32.0
v2.33.0
v2.34.0
v2.34.1
v2.34.2
v2.35.0
v2.35.1
v2.35.2
v2.35.3
v2.35.4
v2.36.0
v2.36.1
v2.36.2
v2.36.3
v2.36.4
v2.37.0
v2.37.1
v2.37.2
v2.37.3
v2.4.0
v2.4.1
v2.4.2
v2.4.3
v2.4.3.1
v2.5.0
v2.5.0-rc.1
v2.5.0-rc.2
v2.5.0-rc.3
v2.5.0-rc.4
v2.5.0.1
v2.5.1
v2.5.2
v2.5.3
v2.6.0
v2.6.1
v2.6.2
v2.7.0
v2.7.1
v2.7.2
v2.7.3
v2.8.0
v2.8.1
v2.8.2
v2.9.0
v2.9.1
v2.9.2
v2.9.3
v2.9.4
v2.9.5
v2.9.6