CVE-2024-42010 Common Vulnerabilities and Exposures

Upstream information

CVE-2024-42010 at MITRE

Description

mod_css_styles in Roundcube through 1.5.7 and 1.6.x through 1.6.7 insufficiently filters Cascading Style Sheets (CSS) token sequences in rendered e-mail messages, allowing a remote attacker to obtain sensitive information.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

SUSE Bugzilla entry: 1228901 [NEW]

SUSE Security Advisories:

openSUSE-SU-2024:0328-1, published Wed Oct 9 16:49:34 2024

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Package Hub 15 SP5	`roundcubemail >= 1.6.8-bp155.2.12.1`	Patchnames: openSUSE-2024-328
SUSE Package Hub 15 SP6	`roundcubemail >= 1.6.8-bp156.2.3.1`	Patchnames: openSUSE-2024-328
openSUSE Leap 15.5	`roundcubemail >= 1.6.8-bp155.2.12.1`	Patchnames: openSUSE-2024-328
openSUSE Leap 15.6	`roundcubemail >= 1.6.8-bp156.2.3.1`	Patchnames: openSUSE-2024-328
openSUSE Tumbleweed	`roundcubemail >= 1.6.8-1.1`	Patchnames: openSUSE-Tumbleweed-2024-14243

SUSE Timeline for this CVE

CVE page created: Mon Aug 5 22:00:17 2024
CVE page last modified: Wed Oct 9 18:00:42 2024