Symptoms
A remote code execution (RCE) vulnerability was recently discovered in Horde. The only requirement for exploitation is that the victim opens a malicious email. More information about this vulnerability is available at the link below:
https://blog.sonarsource.com/horde-webmail-rce-via-email/
CVE link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30287
Description
The discovered code vulnerability (CVE-2022-30287) allows an authenticated user of a Horde instance to execute arbitrary code on the underlying server. The vulnerability exists in the default configuration and can be exploited without knowledge of the configuration of the targeted Horde instance.
We've opened an internal case for our development team to investigate this further. For reference, the case number is CPANEL-40754. Follow this article to receive an email notification when a solution is published in the product.
Workaround
Our development team is actively working on a resolution for this issue. Until this is published, we recommend that our clients disable Horde using the method below.
Sign in to WHM as the root user >> Tweak Settings >> Mail >> Enable Horde Webmail (OFF)