[CDP-development] TLP: GREEN (Vulnerability Alert Notification) - CVE-2023-43770: Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability
CSS Security Operations Services * DAS
css-soc-services at das.oregon.gov
Mon Feb 12 12:21:55 PST 2024
Good afternoon,
The SOC Services team is reporting on the vulnerability CVE-2023-43770: Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability. Because of the vulnerability's high visibility, and because this software is known to be installed in the state environment, we are providing the following in-depth information:
History: On September 5, 2023, Google released an update for Chromium fixing CVE-2023-4762. CVE-2023-4762 has been assigned a CVSS score of 6.1. A CVE was established on September 22, 2023, and CISA added the vulnerabilities to their list of Known Exploited Vulnerabilities on February 12, 2024. CVE-2023-43770 is described as a cross-site scripting (XSS) vulnerability in Roundcube, a skinnable AJAX-based webmail solution for IMAP servers, which could lead to information disclosure via malicious link references in plain/text messages.
Affected versions:
* roundcube/1.6.2+dfsg-1
* roundcube/1.4.13+dfsg.1-1~deb11u1
* roundcube/1.6.1+dfsg-1
Fixed versions:
* roundcube/1.6.3+dfsg-1
* roundcube/1.4.14+dfsg.1-1~deb11u1
* roundcube/1.6.3+dfsg-1~deb12u1
The security update for CVE-2023-43770 from Roundcube can be found here: https://roundcube.net/news/2023/09/15/security-update-1.6.3-released
Intelligence: As of February 12, 2024, the vulnerability has been confirmed as being exploited in the wild.
Workarounds: There are no workarounds for this vulnerability.
How it works: Roundcube Webmail contains a persistent cross-site scripting (XSS) vulnerability that can lead to information disclosure via malicious link references in plain/text messages.
Post-Exploit: Upon successful exploitation of the vulnerability, information disclosure can result via malicious link references in plain/text messages.
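The defect class described above, a plain-text message whose link references end up in rendered HTML, is worth seeing in code from the defender's side. The following is an added illustration, not Roundcube's code and not the Roundcube patch: a hypothetical, deliberately simple plain-text-to-HTML autolinker in Python, shown in the pattern that lets markup through (interpolating raw text into HTML) beside the safe ordering (escape every text segment first, build anchors only from escaped values, and only for allow-listed schemes). The regex, function names and the `contains_raw_tag` helper are assumptions made for the example; the sample message is constructed.

```python
"""Plain-text-to-HTML linkification: the unsafe ordering beside the safe one.

Added example, not Roundcube's code or patch. URL_RE, ALLOWED_SCHEMES and the
functions below are hypothetical illustrations of the defect class.
"""
import html
import re

# Simple matcher for scheme://... tokens; stops at whitespace and HTML-significant quotes/brackets.
URL_RE = re.compile(r"\b([a-zA-Z][a-zA-Z0-9+.-]*://[^\s<>\"']+)")
ALLOWED_SCHEMES = ("http://", "https://")


def linkify_unsafe(text):
    """Defect pattern: the raw message text, matched or not, is written into HTML
    without escaping, so any markup in the message reaches the browser verbatim."""
    return URL_RE.sub(r'<a href="\1">\1</a>', text)


def linkify_safe(text):
    """Safe ordering: escape each text segment, then build anchors from the escaped
    URL, and only for allow-listed schemes; everything else stays plain text."""
    out = []
    pos = 0
    for m in URL_RE.finditer(text):
        out.append(html.escape(text[pos:m.start()]))
        url = m.group(1)
        if url.lower().startswith(ALLOWED_SCHEMES):
            safe = html.escape(url, quote=True)  # quote=True also escapes " for the attribute
            out.append(f'<a href="{safe}" rel="noopener noreferrer">{safe}</a>')
        else:
            out.append(html.escape(url))
        pos = m.end()
    out.append(html.escape(text[pos:]))
    return "".join(out)


def contains_raw_tag(rendered):
    """Review helper: after removing the anchors this module emits, any remaining '<'
    means message-controlled markup survived into the HTML."""
    stripped = re.sub(r'<a href="[^"]*" rel="noopener noreferrer">|</a>', "", rendered)
    return "<" in stripped


if __name__ == "__main__":
    # Constructed sample message body (text/plain) mixing markup with a link reference.
    message = 'see <script>x</script> at https://example.com/a?b=1&c=2'
    print("unsafe:", linkify_unsafe(message))
    print("safe:  ", linkify_safe(message))
```

When reviewing any text-to-HTML converter, the question to ask is whether every byte of message-controlled text passes through an escaper before it is concatenated into markup, including the segments between matches, not just the matched links.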
As of February 12, 2024, the following Tenable plugin has been released and is currently in Tenable Security Center:
Plugin | Title | Severity
181792 (https://www.tenable.com/plugins/nessus/181792) | Debian DLA-3577-1 : roundcube - LTS security update | Medium
Recommended Actions:
* Verify host has not been compromised before applying patches.
* Apply the appropriate updates provided by the vendor to vulnerable systems immediately after appropriate testing.
* Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
* Apply the Principle of Least Privilege to all systems and services.
Cyber Security Services
State of Oregon Cyber Security Services
Enterprise Information Services | SOC
Cyber Security Services (CSS)
SOC Hotline: (503) 378-5930 | SOC Services (503) 373-0378
"Ensuring user-friendly, reliable and secure state technology systems that serve Oregonians."