Control characters were not removed when exporting user feedback content. This allowed attackers to include unexpected content via user feedback and potentially break the exported data structure. We now drop all control characters that are not whitespace character during the export. No publicly available exploits are known.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/173083/OX-App-Suite-SSRF-Resource-Consumption-Command-Injection.html | Third Party Advisory VDB Entry |
http://seclists.org/fulldisclosure/2023/Jun/8 | Mailing List Third Party Advisory |
https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0002.json | |
https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6219_7.10.6_2023-03-20.pdf | Release Notes |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: OX
Published: 2023-06-20T07:51:39.840Z
Updated: 2024-01-12T07:14:43.792Z
Reserved: 2023-02-22T20:42:56.089Z
Link: CVE-2023-26429
JSON object: View
NVD Information
Status : Modified
Published: 2023-06-20T08:15:09.230
Modified: 2024-01-12T08:15:40.080
Link: CVE-2023-26429
JSON object: View
Redhat Information
No data.
CWE