cvelistv5 - cve-2020-12625

CVE-2020-12625 (GCVE-0-2020-12625)

Vulnerability from cvelistv5

Published

2020-05-04 01:57

Modified

2024-08-04 12:04

Severity ?

CWE

Summary

An issue was discovered in Roundcube Webmail before 1.4.4. There is a cross-site scripting (XSS) vulnerability in rcube_washtml.php because JavaScript code can occur in the CDATA of an HTML message.

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

gsd-2020-12625

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

An issue was discovered in Roundcube Webmail before 1.4.4. There is a cross-site scripting (XSS) vulnerability in rcube_washtml.php because JavaScript code can occur in the CDATA of an HTML message.

Aliases

CVE-2020-12625

Aliases

CVE-2020-12625

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-12625",
    "description": "An issue was discovered in Roundcube Webmail before 1.4.4. There is a cross-site scripting (XSS) vulnerability in rcube_washtml.php because JavaScript code can occur in the CDATA of an HTML message.",
    "id": "GSD-2020-12625",
    "references": [
      "https://www.suse.com/security/cve/CVE-2020-12625.html",
      "https://www.debian.org/security/2020/dsa-4674",
      "https://advisories.mageia.org/CVE-2020-12625.html",
      "https://ubuntu.com/security/CVE-2020-12625"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-12625"
      ],
      "details": "An issue was discovered in Roundcube Webmail before 1.4.4. There is a cross-site scripting (XSS) vulnerability in rcube_washtml.php because JavaScript code can occur in the CDATA of an HTML message.",
      "id": "GSD-2020-12625",
      "modified": "2023-12-13T01:21:48.891593Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2020-12625",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An issue was discovered in Roundcube Webmail before 1.4.4. There is a cross-site scripting (XSS) vulnerability in rcube_washtml.php because JavaScript code can occur in the CDATA of an HTML message."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/roundcube/roundcubemail/commit/87e4cd0cf2c550e77586860b94e5c75d2b7686d0",
            "refsource": "MISC",
            "url": "https://github.com/roundcube/roundcubemail/commit/87e4cd0cf2c550e77586860b94e5c75d2b7686d0"
          },
          {
            "name": "https://github.com/roundcube/roundcubemail/releases/tag/1.4.4",
            "refsource": "MISC",
            "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.4.4"
          },
          {
            "name": "https://github.com/roundcube/roundcubemail/compare/1.4.3...1.4.4",
            "refsource": "MISC",
            "url": "https://github.com/roundcube/roundcubemail/compare/1.4.3...1.4.4"
          },
          {
            "name": "DSA-4674",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2020/dsa-4674"
          },
          {
            "name": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-12625-Cross%20Site-Scripting%20via%20Malicious%20HTML%20Attachment-Roundcube",
            "refsource": "MISC",
            "url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-12625-Cross%20Site-Scripting%20via%20Malicious%20HTML%20Attachment-Roundcube"
          },
          {
            "name": "GLSA-202007-41",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/202007-41"
          },
          {
            "name": "openSUSE-SU-2020:1516",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00083.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.4.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:opensuse:backports_sle:15.0:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-12625"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An issue was discovered in Roundcube Webmail before 1.4.4. There is a cross-site scripting (XSS) vulnerability in rcube_washtml.php because JavaScript code can occur in the CDATA of an HTML message."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/roundcube/roundcubemail/releases/tag/1.4.4",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.4.4"
            },
            {
              "name": "https://github.com/roundcube/roundcubemail/commit/87e4cd0cf2c550e77586860b94e5c75d2b7686d0",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/roundcube/roundcubemail/commit/87e4cd0cf2c550e77586860b94e5c75d2b7686d0"
            },
            {
              "name": "https://github.com/roundcube/roundcubemail/compare/1.4.3...1.4.4",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/roundcube/roundcubemail/compare/1.4.3...1.4.4"
            },
            {
              "name": "DSA-4674",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.debian.org/security/2020/dsa-4674"
            },
            {
              "name": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-12625-Cross%20Site-Scripting%20via%20Malicious%20HTML%20Attachment-Roundcube",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-12625-Cross%20Site-Scripting%20via%20Malicious%20HTML%20Attachment-Roundcube"
            },
            {
              "name": "GLSA-202007-41",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202007-41"
            },
            {
              "name": "openSUSE-SU-2020:1516",
              "refsource": "SUSE",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00083.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2022-09-02T15:42Z",
      "publishedDate": "2020-05-04T02:15Z"
    }
  }
}

opensuse-su-2020:1516-1

Vulnerability from csaf_opensuse

Published

2020-09-24 12:21

Modified

2020-09-24 12:21

Summary

Security update for roundcubemail

Notes

Title of the patch

Security update for roundcubemail

Description of the patch

This update for roundcubemail fixes the following issues: roundcubemail was upgraded to 1.3.15 This is a security update to the LTS version 1.3. (boo#1175135) * Security: Fix cross-site scripting (XSS) via HTML messages with malicious svg content [CVE-2020-16145] * Security: Fix cross-site scripting (XSS) via HTML messages with malicious math content From 1.3.14 (boo#1173792 -> CVE-2020-15562) * Security: Fix cross-site scripting (XSS) via HTML messages with malicious svg/namespace From 1.3.13 * Installer: Fix regression in SMTP test section (#7417) From 1.3.12 * Security: Better fix for CVE-2020-12641 (boo#1171148) * Security: Fix XSS issue in template object 'username' (#7406) * Security: Fix couple of XSS issues in Installer (#7406) * Security: Fix cross-site scripting (XSS) via malicious XML attachment From 1.3.11 (boo#1171148 -> CVE-2020-12641 boo#1171040 -> CVE-2020-12625 boo#1171149 -> CVE-2020-12640) * Enigma: Fix compatibility with Mail_Mime >= 1.10.5 * Fix permissions on some folders created by bin/install-jsdeps.sh script (#6930) * Fix bug where inline images could have been ignored if Content-Id header contained redundant spaces (#6980) * Fix PHP Warning: Use of undefined constant LOG_EMERGE (#6991) * Fix PHP warning: 'array_merge(): Expected parameter 2 to be an array, null given in sendmail.inc (#7003) * Security: Fix XSS issue in handling of CDATA in HTML messages * Security: Fix remote code execution via crafted 'im_convert_path' or 'im_identify_path' settings * Security: Fix local file inclusion (and code execution) via crafted 'plugins' option * Security: Fix CSRF bypass that could be used to log out an authenticated user (#7302) From 1.3.10 (boo#1146286) * Managesieve: Fix so 'Create filter' option does not show up when Filters menu is disabled (#6723) * Enigma: Fix bug where revoked users/keys were not greyed out in key info * Enigma: Fix error message when trying to encrypt with a revoked key (#6607) * Enigma: Fix 'decryption oracle' bug [CVE-2019-10740] (#6638) * Fix compatibility with kolab/net_ldap3 > 1.0.7 (#6785) * Fix bug where bmp images couldn't be displayed on some systems (#6728) * Fix bug in parsing vCard data using PHP 7.3 due to an invalid regexp (#6744) * Fix bug where bold/strong text was converted to upper-case on html-to-text conversion (6758) * Fix bug in rcube_utils::parse_hosts() where %t, %d, %z could return only tld (#6746) * Fix bug where Next/Prev button in mail view didn't work with multi-folder search result (#6793) * Fix bug where selection of columns on messages list wasn't working * Fix bug in converting multi-page Tiff images to Jpeg (#6824) * Fix wrong messages order after returning to a multi-folder search result (#6836) * Fix PHP 7.4 deprecation: implode() wrong parameter order (#6866) * Fix bug where it was possible to bypass the position:fixed CSS check in received messages (#6898) * Fix bug where some strict remote URIs in url() style were unintentionally blocked (#6899) * Fix bug where it was possible to bypass the CSS jail in HTML messages using :root pseudo-class (#6897) * Fix bug where it was possible to bypass href URI check with data:application/xhtml+xml URIs (#6896) From 1.3.9 (boo#1115718) * Fix TinyMCE download location (#6694) * Fix bug where a message/rfc822 part without a filename wasn't listed on the attachments list (#6494) * Fix handling of empty entries in vCard import (#6564) * Fix bug in parsing some IMAP command responses that include unsolicited replies (#6577) * Fix PHP 7.2 compatibility in debug_logger plugin (#6586) * Fix so ANY record is not used for email domain validation, use A, MX, CNAME, AAAA instead (#6581) * Fix so mime_content_type check in Installer uses files that should always be available (i.e. from program/resources) (#6599) * Fix missing CSRF token on a link to download too-big message part (#6621) * Fix bug when aborting dragging with ESC key didn't stop the move action (#6623) * Fix bug where next row wasn't selected after deleting a collapsed thread (#6655) From 1.3.8 * Fix PHP warnings on dummy QUOTA responses in Courier-IMAP 4.17.1 (#6374) * Fix so fallback from BINARY to BODY FETCH is used also on [PARSE] errors in dovecot 2.3 (#6383) * Enigma: Fix deleting keys with authentication subkeys (#6381) * Fix invalid regular expressions that throw warnings on PHP 7.3 (#6398) * Fix so Classic skin splitter does not escape out of window (#6397) * Fix XSS issue in handling invalid style tag content (#6410) * Fix compatibility with MySQL 8 - error on 'system' table use * Managesieve: Fix bug where show_real_foldernames setting wasn't respected (#6422) * New_user_identity: Fix %fu/%u vars substitution in user specific LDAP params (#6419) * Fix support for 'allow-from <uri>' in 'x_frame_options' config option (#6449) * Fix bug where valid content between HTML comments could have been skipped in some cases (#6464) * Fix multiple VCard field search (#6466) * Fix session issue on long running requests (#6470) From 1.3.7 (boo#1115719) * Fix PHP Warning: Use of undefined constant IDNA_DEFAULT on systems without php-intl (#6244) * Fix bug where some parts of quota information could have been ignored (#6280) * Fix bug where some escape sequences in html styles could bypass security checks * Fix bug where some forbidden characters on Cyrus-IMAP were not prevented from use in folder names * Fix bug where only attachments with the same name would be ignored on zip download (#6301) * Fix bug where unicode contact names could have been broken/emptied or caused DB errors (#6299) * Fix bug where after 'mark all folders as read' action message counters were not reset (#6307) * Enigma: [EFAIL] Don't decrypt PGP messages with no MDC protection (#6289) * Fix bug where some HTML comments could have been malformed by HTML parser (#6333)

Patchnames

openSUSE-2020-1516

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for roundcubemail",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for roundcubemail fixes the following issues:\n\nroundcubemail was upgraded to 1.3.15\n\nThis is a security update to the LTS version 1.3. (boo#1175135)\n\n  * Security: Fix cross-site scripting (XSS) via HTML messages with malicious svg content [CVE-2020-16145]\n  * Security: Fix cross-site scripting (XSS) via HTML messages with malicious math content\n\nFrom 1.3.14 (boo#1173792 -\u003e CVE-2020-15562)\n\n  * Security: Fix cross-site scripting (XSS) via HTML messages with malicious svg/namespace\n\nFrom 1.3.13\n\n  * Installer: Fix regression in SMTP test section (#7417)\n\nFrom 1.3.12\n\n  * Security: Better fix for CVE-2020-12641 (boo#1171148)\n  * Security: Fix XSS issue in template object \u0027username\u0027 (#7406)\n  * Security: Fix couple of XSS issues in Installer (#7406)\n  * Security: Fix cross-site scripting (XSS) via malicious XML attachment\n\nFrom 1.3.11 (boo#1171148 -\u003e CVE-2020-12641 boo#1171040 -\u003e CVE-2020-12625 boo#1171149 -\u003e CVE-2020-12640)\n\n  * Enigma: Fix compatibility with Mail_Mime \u003e= 1.10.5\n  * Fix permissions on some folders created by bin/install-jsdeps.sh script (#6930)\n  * Fix bug where inline images could have been ignored if Content-Id header contained redundant spaces (#6980)\n  * Fix PHP Warning: Use of undefined constant LOG_EMERGE (#6991)\n  * Fix PHP warning: \u0027array_merge(): Expected parameter 2 to be an array, null given in sendmail.inc (#7003)\n  * Security: Fix XSS issue in handling of CDATA in HTML messages\n  * Security: Fix remote code execution via crafted \u0027im_convert_path\u0027 or \u0027im_identify_path\u0027 settings\n  * Security: Fix local file inclusion (and code execution) via crafted \u0027plugins\u0027 option\n  * Security: Fix CSRF bypass that could be used to log out an authenticated user (#7302)\n\nFrom 1.3.10 (boo#1146286)\n\n  * Managesieve: Fix so \u0027Create filter\u0027 option does not show up when Filters menu is disabled (#6723)\n  * Enigma: Fix bug where revoked users/keys were not greyed out in key info\n  * Enigma: Fix error message when trying to encrypt with a revoked key (#6607)\n  * Enigma: Fix \u0027decryption oracle\u0027 bug [CVE-2019-10740] (#6638) \n  * Fix compatibility with kolab/net_ldap3 \u003e 1.0.7 (#6785)\n  * Fix bug where bmp images couldn\u0027t be displayed on some systems (#6728)\n  * Fix bug in parsing vCard data using PHP 7.3 due to an invalid regexp (#6744)\n  * Fix bug where bold/strong text was converted to upper-case on html-to-text conversion (6758)\n  * Fix bug in rcube_utils::parse_hosts() where %t, %d, %z could return only tld (#6746)\n  * Fix bug where Next/Prev button in mail view didn\u0027t work with multi-folder search result (#6793)\n  * Fix bug where selection of columns on messages list wasn\u0027t working\n  * Fix bug in converting multi-page Tiff images to Jpeg (#6824)\n  * Fix wrong messages order after returning to a multi-folder search result (#6836)\n  * Fix PHP 7.4 deprecation: implode() wrong parameter order (#6866)\n  * Fix bug where it was possible to bypass the position:fixed CSS check in received messages (#6898)\n  * Fix bug where some strict remote URIs in url() style were unintentionally blocked (#6899)\n  * Fix bug where it was possible to bypass the CSS jail in HTML messages using :root pseudo-class (#6897)\n  * Fix bug where it was possible to bypass href URI check with data:application/xhtml+xml URIs (#6896)\n\nFrom 1.3.9 (boo#1115718)\n\n  * Fix TinyMCE download location (#6694)\n  * Fix bug where a message/rfc822 part without a filename wasn\u0027t listed on the attachments list (#6494)\n  * Fix handling of empty entries in vCard import (#6564)\n  * Fix bug in parsing some IMAP command responses that include unsolicited replies (#6577)\n  * Fix PHP 7.2 compatibility in debug_logger plugin (#6586)\n  * Fix so ANY record is not used for email domain validation, use A, MX, CNAME, AAAA instead (#6581)\n  * Fix so mime_content_type check in Installer uses files that should always\n    be available (i.e. from program/resources) (#6599)\n  * Fix missing CSRF token on a link to download too-big message part (#6621)\n  * Fix bug when aborting dragging with ESC key didn\u0027t stop the move action (#6623)\n  * Fix bug where next row wasn\u0027t selected after deleting a collapsed thread (#6655)\n\nFrom 1.3.8 \n\n  * Fix PHP warnings on dummy QUOTA responses in Courier-IMAP 4.17.1 (#6374)\n  * Fix so fallback from BINARY to BODY FETCH is used also on [PARSE] errors in dovecot 2.3 (#6383)\n  * Enigma: Fix deleting keys with authentication subkeys (#6381)\n  * Fix invalid regular expressions that throw warnings on PHP 7.3 (#6398)\n  * Fix so Classic skin splitter does not escape out of window (#6397)\n  * Fix XSS issue in handling invalid style tag content (#6410)\n  * Fix compatibility with MySQL 8 - error on \u0027system\u0027 table use\n  * Managesieve: Fix bug where show_real_foldernames setting wasn\u0027t respected (#6422)\n  * New_user_identity: Fix %fu/%u vars substitution in user specific LDAP params (#6419)\n  * Fix support for \u0027allow-from \u003curi\u003e\u0027 in \u0027x_frame_options\u0027 config option (#6449)\n  * Fix bug where valid content between HTML comments could have been skipped in some cases (#6464)\n  * Fix multiple VCard field search (#6466)\n  * Fix session issue on long running requests (#6470)\n\nFrom 1.3.7 (boo#1115719)\n\n  * Fix PHP Warning: Use of undefined constant IDNA_DEFAULT on systems without php-intl (#6244)\n  * Fix bug where some parts of quota information could have been ignored (#6280)\n  * Fix bug where some escape sequences in html styles could bypass security checks\n  * Fix bug where some forbidden characters on Cyrus-IMAP were not prevented from use in folder names\n  * Fix bug where only attachments with the same name would be ignored on zip download (#6301)\n  * Fix bug where unicode contact names could have been broken/emptied or caused DB errors (#6299)\n  * Fix bug where after \u0027mark all folders as read\u0027 action message counters were not reset (#6307)\n  * Enigma: [EFAIL] Don\u0027t decrypt PGP messages with no MDC protection (#6289)\n  * Fix bug where some HTML comments could have been malformed by HTML parser (#6333)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2020-1516",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_1516-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2020:1516-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3FA23YXQFYWKLULMWY4AOGET45U5NWC4/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2020:1516-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3FA23YXQFYWKLULMWY4AOGET45U5NWC4/"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1115718",
        "url": "https://bugzilla.suse.com/1115718"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1115719",
        "url": "https://bugzilla.suse.com/1115719"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1146286",
        "url": "https://bugzilla.suse.com/1146286"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1171040",
        "url": "https://bugzilla.suse.com/1171040"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1171148",
        "url": "https://bugzilla.suse.com/1171148"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1171149",
        "url": "https://bugzilla.suse.com/1171149"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1173792",
        "url": "https://bugzilla.suse.com/1173792"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1175135",
        "url": "https://bugzilla.suse.com/1175135"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-10740 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-10740/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-12625 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-12625/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-12640 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-12640/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-12641 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-12641/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-15562 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-15562/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-16145 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-16145/"
      }
    ],
    "title": "Security update for roundcubemail",
    "tracking": {
      "current_release_date": "2020-09-24T12:21:24Z",
      "generator": {
        "date": "2020-09-24T12:21:24Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2020:1516-1",
      "initial_release_date": "2020-09-24T12:21:24Z",
      "revision_history": [
        {
          "date": "2020-09-24T12:21:24Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "roundcubemail-1.3.15-bp152.4.3.1.noarch",
                "product": {
                  "name": "roundcubemail-1.3.15-bp152.4.3.1.noarch",
                  "product_id": "roundcubemail-1.3.15-bp152.4.3.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Package Hub 15 SP1",
                "product": {
                  "name": "SUSE Package Hub 15 SP1",
                  "product_id": "SUSE Package Hub 15 SP1"
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Package Hub 15 SP2",
                "product": {
                  "name": "SUSE Package Hub 15 SP2",
                  "product_id": "SUSE Package Hub 15 SP2"
                }
              },
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.1",
                "product": {
                  "name": "openSUSE Leap 15.1",
                  "product_id": "openSUSE Leap 15.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.2",
                "product": {
                  "name": "openSUSE Leap 15.2",
                  "product_id": "openSUSE Leap 15.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "roundcubemail-1.3.15-bp152.4.3.1.noarch as component of SUSE Package Hub 15 SP1",
          "product_id": "SUSE Package Hub 15 SP1:roundcubemail-1.3.15-bp152.4.3.1.noarch"
        },
        "product_reference": "roundcubemail-1.3.15-bp152.4.3.1.noarch",
        "relates_to_product_reference": "SUSE Package Hub 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "roundcubemail-1.3.15-bp152.4.3.1.noarch as component of SUSE Package Hub 15 SP2",
          "product_id": "SUSE Package Hub 15 SP2:roundcubemail-1.3.15-bp152.4.3.1.noarch"
        },
        "product_reference": "roundcubemail-1.3.15-bp152.4.3.1.noarch",
        "relates_to_product_reference": "SUSE Package Hub 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "roundcubemail-1.3.15-bp152.4.3.1.noarch as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:roundcubemail-1.3.15-bp152.4.3.1.noarch"
        },
        "product_reference": "roundcubemail-1.3.15-bp152.4.3.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "roundcubemail-1.3.15-bp152.4.3.1.noarch as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:roundcubemail-1.3.15-bp152.4.3.1.noarch"
        },
        "product_reference": "roundcubemail-1.3.15-bp152.4.3.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-10740",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-10740"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 15 SP1:roundcubemail-1.3.15-bp152.4.3.1.noarch",
          "SUSE Package Hub 15 SP2:roundcubemail-1.3.15-bp152.4.3.1.noarch",
          "openSUSE Leap 15.1:roundcubemail-1.3.15-bp152.4.3.1.noarch",
          "openSUSE Leap 15.2:roundcubemail-1.3.15-bp152.4.3.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-10740",
          "url": "https://www.suse.com/security/cve/CVE-2019-10740"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1131801 for CVE-2019-10740",
          "url": "https://bugzilla.suse.com/1131801"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1175135 for CVE-2019-10740",
          "url": "https://bugzilla.suse.com/1175135"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 15 SP1:roundcubemail-1.3.15-bp152.4.3.1.noarch",
            "SUSE Package Hub 15 SP2:roundcubemail-1.3.15-bp152.4.3.1.noarch",
            "openSUSE Leap 15.1:roundcubemail-1.3.15-bp152.4.3.1.noarch",
            "openSUSE Leap 15.2:roundcubemail-1.3.15-bp152.4.3.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Package Hub 15 SP1:roundcubemail-1.3.15-bp152.4.3.1.noarch",
            "SUSE Package Hub 15 SP2:roundcubemail-1.3.15-bp152.4.3.1.noarch",
            "openSUSE Leap 15.1:roundcubemail-1.3.15-bp152.4.3.1.noarch",
            "openSUSE Leap 15.2:roundcubemail-1.3.15-bp152.4.3.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-09-24T12:21:24Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-10740"
    },
    {
      "cve": "CVE-2020-12625",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-12625"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in Roundcube Webmail before 1.4.4. There is a cross-site scripting (XSS) vulnerability in rcube_washtml.php because JavaScript code can occur in the CDATA of an HTML message.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 15 SP1:roundcubemail-1.3.15-bp152.4.3.1.noarch",
          "SUSE Package Hub 15 SP2:roundcubemail-1.3.15-bp152.4.3.1.noarch",
          "openSUSE Leap 15.1:roundcubemail-1.3.15-bp152.4.3.1.noarch",
          "openSUSE Leap 15.2:roundcubemail-1.3.15-bp152.4.3.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-12625",
          "url": "https://www.suse.com/security/cve/CVE-2020-12625"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1171040 for CVE-2020-12625",
          "url": "https://bugzilla.suse.com/1171040"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1175135 for CVE-2020-12625",
          "url": "https://bugzilla.suse.com/1175135"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 15 SP1:roundcubemail-1.3.15-bp152.4.3.1.noarch",
            "SUSE Package Hub 15 SP2:roundcubemail-1.3.15-bp152.4.3.1.noarch",
            "openSUSE Leap 15.1:roundcubemail-1.3.15-bp152.4.3.1.noarch",
            "openSUSE Leap 15.2:roundcubemail-1.3.15-bp152.4.3.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Package Hub 15 SP1:roundcubemail-1.3.15-bp152.4.3.1.noarch",
            "SUSE Package Hub 15 SP2:roundcubemail-1.3.15-bp152.4.3.1.noarch",
            "openSUSE Leap 15.1:roundcubemail-1.3.15-bp152.4.3.1.noarch",
            "openSUSE Leap 15.2:roundcubemail-1.3.15-bp152.4.3.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-09-24T12:21:24Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-12625"
    },
    {
      "cve": "CVE-2020-12640",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-12640"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Roundcube Webmail before 1.4.4 allows attackers to include local files and execute code via directory traversal in a plugin name to rcube_plugin_api.php.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 15 SP1:roundcubemail-1.3.15-bp152.4.3.1.noarch",
          "SUSE Package Hub 15 SP2:roundcubemail-1.3.15-bp152.4.3.1.noarch",
          "openSUSE Leap 15.1:roundcubemail-1.3.15-bp152.4.3.1.noarch",
          "openSUSE Leap 15.2:roundcubemail-1.3.15-bp152.4.3.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-12640",
          "url": "https://www.suse.com/security/cve/CVE-2020-12640"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1171149 for CVE-2020-12640",
          "url": "https://bugzilla.suse.com/1171149"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1175135 for CVE-2020-12640",
          "url": "https://bugzilla.suse.com/1175135"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 15 SP1:roundcubemail-1.3.15-bp152.4.3.1.noarch",
            "SUSE Package Hub 15 SP2:roundcubemail-1.3.15-bp152.4.3.1.noarch",
            "openSUSE Leap 15.1:roundcubemail-1.3.15-bp152.4.3.1.noarch",
            "openSUSE Leap 15.2:roundcubemail-1.3.15-bp152.4.3.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Package Hub 15 SP1:roundcubemail-1.3.15-bp152.4.3.1.noarch",
            "SUSE Package Hub 15 SP2:roundcubemail-1.3.15-bp152.4.3.1.noarch",
            "openSUSE Leap 15.1:roundcubemail-1.3.15-bp152.4.3.1.noarch",
            "openSUSE Leap 15.2:roundcubemail-1.3.15-bp152.4.3.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-09-24T12:21:24Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2020-12640"
    },
    {
      "cve": "CVE-2020-12641",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-12641"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 15 SP1:roundcubemail-1.3.15-bp152.4.3.1.noarch",
          "SUSE Package Hub 15 SP2:roundcubemail-1.3.15-bp152.4.3.1.noarch",
          "openSUSE Leap 15.1:roundcubemail-1.3.15-bp152.4.3.1.noarch",
          "openSUSE Leap 15.2:roundcubemail-1.3.15-bp152.4.3.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-12641",
          "url": "https://www.suse.com/security/cve/CVE-2020-12641"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1171148 for CVE-2020-12641",
          "url": "https://bugzilla.suse.com/1171148"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1175135 for CVE-2020-12641",
          "url": "https://bugzilla.suse.com/1175135"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1226069 for CVE-2020-12641",
          "url": "https://bugzilla.suse.com/1226069"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 15 SP1:roundcubemail-1.3.15-bp152.4.3.1.noarch",
            "SUSE Package Hub 15 SP2:roundcubemail-1.3.15-bp152.4.3.1.noarch",
            "openSUSE Leap 15.1:roundcubemail-1.3.15-bp152.4.3.1.noarch",
            "openSUSE Leap 15.2:roundcubemail-1.3.15-bp152.4.3.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Package Hub 15 SP1:roundcubemail-1.3.15-bp152.4.3.1.noarch",
            "SUSE Package Hub 15 SP2:roundcubemail-1.3.15-bp152.4.3.1.noarch",
            "openSUSE Leap 15.1:roundcubemail-1.3.15-bp152.4.3.1.noarch",
            "openSUSE Leap 15.2:roundcubemail-1.3.15-bp152.4.3.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-09-24T12:21:24Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2020-12641"
    },
    {
      "cve": "CVE-2020-15562",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-15562"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in Roundcube Webmail before 1.2.11, 1.3.x before 1.3.14, and 1.4.x before 1.4.7. It allows XSS via a crafted HTML e-mail message, as demonstrated by a JavaScript payload in the xmlns (aka XML namespace) attribute of a HEAD element when an SVG element exists.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 15 SP1:roundcubemail-1.3.15-bp152.4.3.1.noarch",
          "SUSE Package Hub 15 SP2:roundcubemail-1.3.15-bp152.4.3.1.noarch",
          "openSUSE Leap 15.1:roundcubemail-1.3.15-bp152.4.3.1.noarch",
          "openSUSE Leap 15.2:roundcubemail-1.3.15-bp152.4.3.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-15562",
          "url": "https://www.suse.com/security/cve/CVE-2020-15562"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1173792 for CVE-2020-15562",
          "url": "https://bugzilla.suse.com/1173792"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1175135 for CVE-2020-15562",
          "url": "https://bugzilla.suse.com/1175135"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 15 SP1:roundcubemail-1.3.15-bp152.4.3.1.noarch",
            "SUSE Package Hub 15 SP2:roundcubemail-1.3.15-bp152.4.3.1.noarch",
            "openSUSE Leap 15.1:roundcubemail-1.3.15-bp152.4.3.1.noarch",
            "openSUSE Leap 15.2:roundcubemail-1.3.15-bp152.4.3.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Package Hub 15 SP1:roundcubemail-1.3.15-bp152.4.3.1.noarch",
            "SUSE Package Hub 15 SP2:roundcubemail-1.3.15-bp152.4.3.1.noarch",
            "openSUSE Leap 15.1:roundcubemail-1.3.15-bp152.4.3.1.noarch",
            "openSUSE Leap 15.2:roundcubemail-1.3.15-bp152.4.3.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-09-24T12:21:24Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-15562"
    },
    {
      "cve": "CVE-2020-16145",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-16145"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. This issue has been fixed in 1.4.8 and 1.3.15.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 15 SP1:roundcubemail-1.3.15-bp152.4.3.1.noarch",
          "SUSE Package Hub 15 SP2:roundcubemail-1.3.15-bp152.4.3.1.noarch",
          "openSUSE Leap 15.1:roundcubemail-1.3.15-bp152.4.3.1.noarch",
          "openSUSE Leap 15.2:roundcubemail-1.3.15-bp152.4.3.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-16145",
          "url": "https://www.suse.com/security/cve/CVE-2020-16145"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1175135 for CVE-2020-16145",
          "url": "https://bugzilla.suse.com/1175135"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 15 SP1:roundcubemail-1.3.15-bp152.4.3.1.noarch",
            "SUSE Package Hub 15 SP2:roundcubemail-1.3.15-bp152.4.3.1.noarch",
            "openSUSE Leap 15.1:roundcubemail-1.3.15-bp152.4.3.1.noarch",
            "openSUSE Leap 15.2:roundcubemail-1.3.15-bp152.4.3.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Package Hub 15 SP1:roundcubemail-1.3.15-bp152.4.3.1.noarch",
            "SUSE Package Hub 15 SP2:roundcubemail-1.3.15-bp152.4.3.1.noarch",
            "openSUSE Leap 15.1:roundcubemail-1.3.15-bp152.4.3.1.noarch",
            "openSUSE Leap 15.2:roundcubemail-1.3.15-bp152.4.3.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-09-24T12:21:24Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-16145"
    }
  ]
}

fkie_cve-2020-12625

Vulnerability from fkie_nvd

Published

2020-05-04 02:15

Modified

2024-11-21 04:59

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

An issue was discovered in Roundcube Webmail before 1.4.4. There is a cross-site scripting (XSS) vulnerability in rcube_washtml.php because JavaScript code can occur in the CDATA of an HTML message.

References

URL	Tags
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00083.html	Third Party Advisory
cve@mitre.org	https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-12625-Cross%20Site-Scripting%20via%20Malicious%20HTML%20Attachment-Roundcube	Exploit, Third Party Advisory
cve@mitre.org	https://github.com/roundcube/roundcubemail/commit/87e4cd0cf2c550e77586860b94e5c75d2b7686d0	Patch, Third Party Advisory
cve@mitre.org	https://github.com/roundcube/roundcubemail/compare/1.4.3...1.4.4	Patch, Third Party Advisory
cve@mitre.org	https://github.com/roundcube/roundcubemail/releases/tag/1.4.4	Third Party Advisory
cve@mitre.org	https://security.gentoo.org/glsa/202007-41	Third Party Advisory
cve@mitre.org	https://www.debian.org/security/2020/dsa-4674	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00083.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-12625-Cross%20Site-Scripting%20via%20Malicious%20HTML%20Attachment-Roundcube	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/roundcube/roundcubemail/commit/87e4cd0cf2c550e77586860b94e5c75d2b7686d0	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/roundcube/roundcubemail/compare/1.4.3...1.4.4	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/roundcube/roundcubemail/releases/tag/1.4.4	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202007-41	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4674	Third Party Advisory

Impacted products

Vendor	Product	Version
roundcube	webmail	*
debian	debian_linux	9.0
debian	debian_linux	10.0
opensuse	backports_sle	15.0
opensuse	backports_sle	15.0
opensuse	leap	15.1
opensuse	leap	15.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3C1E362-3888-4275-9386-8CF7CF1F492A",
              "versionEndExcluding": "1.4.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "40513095-7E6E-46B3-B604-C926F1BA3568",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "67E82302-4B77-44F3-97B1-24C18AC4A35D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Roundcube Webmail before 1.4.4. There is a cross-site scripting (XSS) vulnerability in rcube_washtml.php because JavaScript code can occur in the CDATA of an HTML message."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en Roundcube Webmail versiones anteriores a 1.4.4. Se presenta una vulnerabilidad de tipo cross-site scripting (XSS) en el archivo rcube_washtml.php porque el c\u00f3digo JavaScript puede aparecer en el CDATA de un mensaje HTML."
    }
  ],
  "id": "CVE-2020-12625",
  "lastModified": "2024-11-21T04:59:56.540",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-05-04T02:15:11.520",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00083.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-12625-Cross%20Site-Scripting%20via%20Malicious%20HTML%20Attachment-Roundcube"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/roundcube/roundcubemail/commit/87e4cd0cf2c550e77586860b94e5c75d2b7686d0"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/roundcube/roundcubemail/compare/1.4.3...1.4.4"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.4.4"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202007-41"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4674"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00083.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-12625-Cross%20Site-Scripting%20via%20Malicious%20HTML%20Attachment-Roundcube"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/roundcube/roundcubemail/commit/87e4cd0cf2c550e77586860b94e5c75d2b7686d0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/roundcube/roundcubemail/compare/1.4.3...1.4.4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.4.4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202007-41"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4674"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-mv3h-r8j8-38cc

Vulnerability from github

Published

2022-05-24 17:17

Modified

2022-09-03 00:00

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

An issue was discovered in Roundcube Webmail before 1.4.4. There is a cross-site scripting (XSS) vulnerability in rcube_washtml.php because JavaScript code can occur in the CDATA of an HTML message.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-12625"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-05-04T02:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in Roundcube Webmail before 1.4.4. There is a cross-site scripting (XSS) vulnerability in rcube_washtml.php because JavaScript code can occur in the CDATA of an HTML message.",
  "id": "GHSA-mv3h-r8j8-38cc",
  "modified": "2022-09-03T00:00:19Z",
  "published": "2022-05-24T17:17:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12625"
    },
    {
      "type": "WEB",
      "url": "https://github.com/roundcube/roundcubemail/commit/87e4cd0cf2c550e77586860b94e5c75d2b7686d0"
    },
    {
      "type": "WEB",
      "url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-12625-Cross%20Site-Scripting%20via%20Malicious%20HTML%20Attachment-Roundcube"
    },
    {
      "type": "WEB",
      "url": "https://github.com/roundcube/roundcubemail/compare/1.4.3...1.4.4"
    },
    {
      "type": "WEB",
      "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.4.4"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202007-41"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2020/dsa-4674"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00083.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

cnvd-2020-31749

Vulnerability from cnvd

Title

Roundcube Webmail跨站脚本漏洞（CNVD-2020-31749）

Description

Roundcube Webmail是一款基于浏览器的开源IMAP客户端，它支持地址薄管理、信息搜索、拼写检查等。 Roundcube Webmail 1.4.4之前版本中的rcube_washtml.php文件存在跨站脚本漏洞，该漏洞源于WEB应用缺少对客户端数据的正确验证，攻击者可利用该漏洞执行客户端代码。

Severity

中

Patch Name

Roundcube Webmail跨站脚本漏洞（CNVD-2020-31749）的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://github.com/roundcube/roundcubemail/releases/tag/1.4.4

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-12625

Impacted products

Name
RoundCube Webmail <1.4.4

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-12625"
    }
  },
  "description": "Roundcube Webmail\u662f\u4e00\u6b3e\u57fa\u4e8e\u6d4f\u89c8\u5668\u7684\u5f00\u6e90IMAP\u5ba2\u6237\u7aef\uff0c\u5b83\u652f\u6301\u5730\u5740\u8584\u7ba1\u7406\u3001\u4fe1\u606f\u641c\u7d22\u3001\u62fc\u5199\u68c0\u67e5\u7b49\u3002\n\nRoundcube Webmail 1.4.4\u4e4b\u524d\u7248\u672c\u4e2d\u7684rcube_washtml.php\u6587\u4ef6\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eWEB\u5e94\u7528\u7f3a\u5c11\u5bf9\u5ba2\u6237\u7aef\u6570\u636e\u7684\u6b63\u786e\u9a8c\u8bc1\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u5ba2\u6237\u7aef\u4ee3\u7801\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/roundcube/roundcubemail/releases/tag/1.4.4",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-31749",
  "openTime": "2020-06-05",
  "patchDescription": "Roundcube Webmail\u662f\u4e00\u6b3e\u57fa\u4e8e\u6d4f\u89c8\u5668\u7684\u5f00\u6e90IMAP\u5ba2\u6237\u7aef\uff0c\u5b83\u652f\u6301\u5730\u5740\u8584\u7ba1\u7406\u3001\u4fe1\u606f\u641c\u7d22\u3001\u62fc\u5199\u68c0\u67e5\u7b49\u3002\r\n\r\nRoundcube Webmail 1.4.4\u4e4b\u524d\u7248\u672c\u4e2d\u7684rcube_washtml.php\u6587\u4ef6\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eWEB\u5e94\u7528\u7f3a\u5c11\u5bf9\u5ba2\u6237\u7aef\u6570\u636e\u7684\u6b63\u786e\u9a8c\u8bc1\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u5ba2\u6237\u7aef\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Roundcube Webmail\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2020-31749\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "RoundCube Webmail \u003c1.4.4"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-12625",
  "serverity": "\u4e2d",
  "submitTime": "2020-05-06",
  "title": "Roundcube Webmail\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2020-31749\uff09"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2020-12625 (GCVE-0-2020-12625)

Vulnerability from cvelistv5

gsd-2020-12625

Vulnerability from gsd

opensuse-su-2020:1516-1

Vulnerability from csaf_opensuse

fkie_cve-2020-12625

Vulnerability from fkie_nvd

ghsa-mv3h-r8j8-38cc

Vulnerability from github

cnvd-2020-31749

Vulnerability from cnvd

Tags

Sightings

Nomenclature