CVE-2024-42010 Common Vulnerabilities and Exposures

Upstream information

CVE-2024-42010 at MITRE

Description

mod_css_styles in Roundcube through 1.5.7 and 1.6.x through 1.6.7 insufficiently filters Cascading Style Sheets (CSS) token sequences in rendered e-mail messages, allowing a remote attacker to obtain sensitive information.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

SUSE Bugzilla entry: 1228901 [NEW]

No SUSE Security Announcements cross referenced.

List of released packages

Product(s)	Fixed package version(s)	References
openSUSE Tumbleweed	`roundcubemail >= 1.6.8-1.1`	Patchnames: openSUSE-Tumbleweed-2024-14243

SUSE Timeline for this CVE

CVE page created: Mon Aug 5 22:00:17 2024
CVE page last modified: Sat Sep 7 15:50:22 2024