[Git][security-tracker-team/security-tracker][master] CVE-2022-26874/php-horde-mime-viewer assigned
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Mar 11 07:53:09 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9da89620 by Salvatore Bonaccorso at 2022-03-11T08:52:37+01:00
CVE-2022-26874/php-horde-mime-viewer assigned
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2801,7 +2801,7 @@ CVE-2022-0732 (The backend infrastructure shared by multiple mobile device monit
NOT-FOR-US: Various vendors for Mobile device monitoring services
CVE-2022-0731 (Improper Access Control (IDOR) in GitHub repository dolibarr/dolibarr ...)
- dolibarr <removed>
-CVE-2022-XXXX [Account Takeover via Email of OpenOffice file containing XSS exploit]
+CVE-2022-26874 [Account Takeover via Email of OpenOffice file containing XSS exploit]
- php-horde-mime-viewer 2.2.4+debian0-1
NOTE: https://blog.sonarsource.com/horde-webmail-account-takeover-via-email/
NOTE: Introduced by: https://github.com/horde/Mime_Viewer/commit/325a7ae2663dd9c50e85fe515033454669f16f28
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9da8962066ad0832c408bbdcf88a40b1f7ee1ad2
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9da8962066ad0832c408bbdcf88a40b1f7ee1ad2
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220311/6fdcca74/attachment.htm>
More information about the debian-security-tracker-commits
mailing list