We have disabled the Horde Webmail on all MechanicWeb servers.

Description

An RCE vulnerability was recently discovered in Horde Webmail; the only requirement for exploitation is that the victim opens a malicious email.

The Horde Webmail vulnerability (CVE-2022-30287) can be triggered with a single GET request, which makes it exploitable through cross-site request forgery (CSRF). As a result, an attacker can craft a malicious email containing an external image whose URL triggers the CSRF vulnerability when the email is rendered.

The victim's clear-text credentials are also leaked to the attacker, potentially giving the adversary access to additional services used by the target organization.

Workaround

The cPanel development team is actively working on a resolution for this issue. The case number is CPANEL-40754. We will update this article when a solution is published.

Until then, Horde Webmail will remain disabled on all MechanicWeb servers.

More Information

https://support.cpanel.net/hc/en-us/articles/6483941705239
https://blog.sonarsource.com/horde-webmail-rce-via-email/
https://portswigger.net/daily-swig/horde-webmail-contains-zero-day-rce-bug-with-no-patch-on-the-horizon

CVE Link

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30287

Sunday, June 12, 2022
