Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
Vulnerability DatabaseCVE-2024-42008
CVE-2024-42008:
Linux Debian vulnerability analysis and mitigation
Overview
A Cross-Site Scripting (XSS) vulnerability was discovered in Roundcube, affecting versions through 1.5.7 and 1.6.x through 1.6.7. The vulnerability exists in the rcmailactionmail_get->run() function, which allows a remote attacker to steal and send emails of a victim via a malicious e-mail attachment served with a dangerous Content-Type header. The vulnerability was discovered by Oskar Zeino-Mahmalat from Sonar and was patched in versions 1.6.8 and 1.5.8 released on August 4, 2024 (Sonar Blog, Roundcube News).
Technical details
The vulnerability has been assigned a CVSS v3.1 Base Score of 9.3 CRITICAL with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N. The issue stems from insufficient handling of Content-Type headers in email attachments. When a victim views a malicious email in Roundcube, the attacker can execute arbitrary JavaScript in the victim's browser through the unsafe handling of attachment content types. The vulnerability is particularly concerning as it requires minimal user interaction - for CVE-2024-42008, only a single click by the victim is needed, and the attacker can make this interaction unobvious (Sonar Blog, NVD).
Impact
The vulnerability allows attackers to steal emails, contacts, and the victim's email password, as well as send emails from the victim's account. Attackers can gain a persistent foothold in the victim's browser across restarts, enabling continuous email exfiltration. This is particularly concerning for government agencies and organizations using Roundcube, as it could lead to unauthorized access to sensitive communications (Sonar Blog).
Mitigation and workarounds
The vulnerability has been patched in Roundcube versions 1.6.8 and 1.5.8. Administrators are strongly advised to update their installations immediately. Users who suspect they are affected should change their email passwords and clear the site data of the Roundcube site they are using in their browser. The fix includes converting dangerous MIME types to harmless text/plain and implementing a restrictive Content Security Policy for attachments (Roundcube News, Sonar Blog).
Community reactions
The security community has expressed significant concern about this vulnerability, particularly given Roundcube's widespread use in government agencies and academic institutions. The discovery has highlighted the ongoing security challenges faced by web-based email systems and the importance of proper content sanitization. The vulnerability received considerable attention due to its critical severity and the potential for exploitation by APT groups (Sonar Blog).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Get a personalized demo
Ready to see Wiz in action?
“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Greg PoniatowskiHead of Threat and Vulnerability Management