Roundcube CVE-2023-43770 actively exploited
CISA Adds One Known Exploited Vulnerability to Catalog
02/12/2024 12:00 PM EST
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2023-43770 Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
https://nvd.nist.gov/vuln/detail/CVE-2023-43770
-----------------------------------------------------------------------------------------------------------
cPanel is still on vulnerable 1.6.0
-
Is that fixed in 116.0.4?
https://news.cpanel.com/cpanel-tsr-2023-0004-full-disclosure/
0 -
Hey there! That's correct - this has been patched since the versions listed in that update, which are:
11.116.0.4
11.114.0.12
11.110.0.15
1 -
Awesome, no need to worry then. Wish everybody would use CVE-IDs in changelogs. Would make tracking a lot easier. I mean that's what "Common Vulnerabilities and Exposures" system is for, for easy reference.
1 -
We do include the data in our changelog in the RPM package itself. You can see that with this command:
# rpm -q --changelog cpanel-roundcubemail | grep 2023-43770
- Add patch for CVE-2023-43770
1 -
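Added example, not part of the original thread and not cPanel's own code: the changelog check above wrapped in a shell function that matches the CVE ID exactly, since a bare grep for 2023-43770 would also hit a longer ID that begins with the same digits. The function names and the sample changelog (including the CVE-0000-00001 placeholder) are constructed for illustration.

```shell
#!/bin/sh
# Exact-match CVE lookup in RPM changelog text (added example).

# cve_in_changelog CVE-ID : reads changelog text on stdin.
# Returns 0 if the exact ID is present, 1 if absent, 2 if the ID is malformed.
cve_in_changelog() {
    cve=$1
    # A CVE ID is "CVE-", a 4-digit year, "-", then 4 or more digits.
    printf '%s\n' "$cve" | grep -Eq '^CVE-[0-9]{4}-[0-9]{4,}$' || return 2
    # Require a non-alphanumeric before and a non-digit after the ID, so a
    # shorter ID never matches as a prefix of a longer one.
    grep -Eiq "(^|[^0-9A-Za-z])${cve}([^0-9]|\$)"
}

# pkg_has_cve_fix PACKAGE CVE-ID : same check against an installed package.
# Returns 3 if the package is not installed (or rpm is unavailable).
pkg_has_cve_fix() {
    rpm -q "$1" >/dev/null 2>&1 || return 3
    rpm -q --changelog "$1" | cve_in_changelog "$2"
}

# Constructed sample in rpm changelog layout; CVE-0000-00001 is a placeholder.
sample_changelog() {
    cat <<'EOF'
* Mon Jan 01 2024 Example Packager <packager@example.invalid> - 0.0.0-1
- Add patch for CVE-2023-43770
- Add patch for CVE-0000-00001
EOF
}

# Runs offline against the sample; on a real host use, for example:
#   pkg_has_cve_fix cpanel-roundcubemail CVE-2023-43770
if sample_changelog | cve_in_changelog CVE-2023-43770; then
    echo "changelog lists a patch entry for CVE-2023-43770"
fi
```

A changelog entry only shows that the packager recorded the patch; the installed version should still be compared against the fixed versions in the vendor advisory.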
Thank you, cPRex
0 -
Sure thing!
0