Cache Update Fixes User Data Leak in PDF Export
CVE-2024-23193

5.3MEDIUM

Key Information:

Vendor

Open-xchange Gmbh

Status
Ox App Suite
Vendor
CVE Published:
6 May 2024

What is CVE-2024-23193?

E-Mails exported as PDF were stored in a cache that did not consider specific session information for the related user account. Users of the same service node could access other users E-Mails in case they were exported as PDF for a brief moment until caches were cleared. Successful exploitation requires good timing and modification of multiple request parameters. Please deploy the provided updates and patch releases. The cache for PDF exports now takes user session information into consideration when performing authorization decisions. No publicly available exploits are known.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

OX App Suite 0 <= 8.21

References

https://documentation.open-xchange.com/appsuite/releases/...
release-notes
https://documentation.open-xchange.com/appsuite/security/...
vendor-advisory
http://seclists.org/fulldisclosure/2024/May/3

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.