As BSI now studies, an IT safety warning a few identified Roundcube vulnerability has obtained an replace. You can examine which merchandise are affected by safety holes right here at information.de.
Federal Office for Security in Information Technology (BSI) reported a safety advisory for Roundcube on May 20, 2024. The software program incorporates a number of vulnerabilities that make it potential to assault. The Linux and Windows working methods in addition to the Fedora Linux and Open Source Roundcube merchandise are affected by the safety vulnerability. This alert was final up to date on May 22, 2024.
The newest producer suggestions for updates, workarounds and safety patches for this vulnerability may be discovered right here: Fedora FEDORA:FEDORA-2024-680B8BA54E (From 21 May 2024). Some helpful hyperlinks are listed later on this article.
Many dangers have been reported for Roundcube – Risk: excessive
Risk degree: 4 (excessive)
CVSS Base Score: 8.8
CVSS provisional rating: 7,7
Remote management: Ja
The Common Vulnerability Scoring System (CVSS) is used to evaluate the vulnerability of laptop methods. The CVSS commonplace makes it potential to match potential or precise safety dangers based mostly on numerous standards to create a precedence checklist for countermeasures. The attributes “none”, “low”, “medium”, “excessive” and “extreme” are used to find out the severity ranges of the vulnerability. The Base Score evaluates the necessities of an assault (together with authentication, complexity, privileges, consumer interplay) and its outcomes. Temporal scores additionally consider adjustments over time within the danger state of affairs. According to CVSS, the present vulnerability menace is taken into account “excessive” on the idea of 8.8 factors.
The Roundcube Bug: The implications of an IT assault
Roundcube is an open supply webmail system based mostly on PHP.
A distant attacker might exploit a number of vulnerabilities in Roundcube to execute arbitrary instructions or carry out a cross-site scripting (XSS) assault.
Systems affected by the Roundcube vulnerability at a look
Operating methods
Linux, Windows
Products
Fedora Linux Open Source Roundcube Open Source Roundcube
General suggestions for addressing IT safety gaps
- Users of affected methods ought to keep up-to-date. When safety holes are identified, producers are required to repair them shortly by creating a patch or workaround. When new safety updates can be found, set up them instantly.
- For data, see the sources listed within the subsequent part. This typically incorporates further details about the most recent model of the software program in query and the provision of safety patches or efficiency ideas.
- If you’ve gotten any additional questions or uncertainties, please contact your accountable administrator. IT safety managers ought to usually verify the desired sources to see if a brand new safety replace is accessible.
Sources for updates, patches and workarounds
Here you can find some hyperlinks with details about bug studies, safety fixes and workarounds.
Fedora FEDORA:FEDORA-2024-680B8BA54E vom 2024-05-21 (21.05.2024)
For extra data, see:
Fedora FEDORA-EPEL-2024-1f1aef9c1c vom 2024-05-21 (21.05.2024)
For extra data, see:
Fedora FEDORA-2024-a591b4dc74 vom 2024-05-21 (21.05.2024)
For extra data, see:
Roundcube launch notes vom 2024-05-20 (20.05.2024)
For extra data, see:
Version historical past of this safety alert
This is model 3 of this Roundcube IT safety discover. This doc will probably be up to date as extra updates are introduced. You can see the adjustments made utilizing the model historical past under.
May 20, 2024 – First model
May 21, 2024 – New updates from Fedora added
May 22, 2024 – CVSS ranking mounted – consumer interplay required
+++ Editorial observe: This doc is predicated on present BSI knowledge and will probably be up to date in a data-driven method relying on the standing of the alert. We welcome suggestions and feedback at [email protected]. +++
observe News.de you’re right here Facebook, Twitter, Pinterest once more YouTube? Here you can find scorching information, present movies and a direct line to the editorial staff.
kns/roj/information.de