Symptoms
An RCE vulnerability was recently discovered in Horde, which can be exploited with the only requirement being that the victim opens a malicious email. More information about this vulnerability is in the link below:
https://blog.sonarsource.com/horde-webmail-rce-via-email/
CVE link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30287
Description
The discovered code vulnerability (CVE-2022-30287) allows an authenticated user of a Horde instance to execute arbitrary code on the underlying server. The vulnerability exists in the default configuration and can be exploited without knowledge of the configuration of the targeted Horde instance.
We've opened an internal case for our development team to investigate this further. For reference, the case number is CPANEL-40754. Follow this article to receive an email notification when a solution is published in the product.
Workaround
At this time, our developers have patched this vulnerability in versions 11.104.0.5. This has also been patched in LTS version 11.102.0.19. Please ensure your cPanel version is up to date.
You can confirm Horde has been patched with the following command:
rpm -q --changelog cpanel-php74-turba | grep -E 'CVE-2022-30287'
If Horde has been patched you will see the following output:
[root@host ~]# # rpm -q --changelog cpanel-php74-turba | grep -E 'CVE-2022-30287'
- Upgrade to 4.2.28 upstream release to fix CVE-2022-30287 RCE