MGASA-2020-0206

Source
https://advisories.mageia.org/MGASA-2020-0206.html
Import Source
https://advisories.mageia.org/MGASA-2020-0206.json
JSON Data
https://api.test.osv.dev/v1/vulns/MGASA-2020-0206
Published
2020-05-08T10:57:54Z
Modified
2020-05-08T10:23:55Z
Summary
Updated roundcubemail packages fix security vulnerabilities
Details

Updated roundcubemail packages fix security vulnerabilities:

  • Cross-Site Scripting (XSS) via malicious HTML content (CVE-2020-12625)
  • CSRF attack can cause an authenticated user to be logged out (CVE-2020-12626)
  • Remote code execution via crafted config options
  • Path traversal vulnerability allowing local file inclusion via crafted 'plugins' option

Affected packages

Mageia:7 / roundcubemail

Package

Name
roundcubemail
Purl
pkg:rpm/mageia/roundcubemail?distro=mageia-7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.3.11-1.mga7

Ecosystem specific

{
    "section": "core"
}