Default permissions for a properties file were too permissive. Local system users could read potentially sensitive information. We updated the default permissions for noreply.properties set during package installation. No publicly available exploits are known.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/173083/OX-App-Suite-SSRF-Resource-Consumption-Command-Injection.html | Third Party Advisory VDB Entry |
http://seclists.org/fulldisclosure/2023/Jun/8 | Mailing List Third Party Advisory |
https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0002.json | |
https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6219_7.10.6_2023-03-20.pdf | Release Notes |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: OX
Published: 2023-06-20T07:51:27.239Z
Updated: 2024-01-12T07:15:33.896Z
Reserved: 2023-02-22T20:42:56.088Z
Link: CVE-2023-26427
JSON object: View
NVD Information
Status : Modified
Published: 2023-06-20T08:15:09.073
Modified: 2024-01-12T08:15:39.610
Link: CVE-2023-26427
JSON object: View
Redhat Information
No data.