A new, unpatched security vulnerability has been disclosed in the open-source Horde Webmail client that could be exploited to achieve remote code execution on the mail server simply by sending a specially crafted email to a victim.
“Once the email is accessed, the attacker can silently take over the entire email server without any further user interaction,” SonarSource said in a statement. report shared with The Hacker News. “The vulnerability exists in the default configuration and can be exploited without knowledge of a targeted Horde instance.”
The problem, which was assigned the CVE identifier CVE-2022-30287was reported to the vendor on February 2, 2022. Project Horde officials did not immediately respond to a request for comment regarding the unaddressed vulnerability.
At its core, the issue allows an authenticated user of a Horde instance to execute malicious code on the underlying server by taking advantage of a quirk in the way the client handles contact lists.
This can then be weaponized as part of cross-site request forgery (CSRF) to trigger remote code execution.
CSRF, also known as session overlap, occurs when a web browser is tricked into performing a malicious action in an application a user is logged into. It exploits the trust that a web application has in an authenticated user.
“As a result, an attacker can craft a malicious email and include an external image that, when rendered, exploits the CSRF vulnerability without further victim interaction: the only requirement is that a victim open the email. malicious email.”
The disclosure comes just over three months after another nine-year-old bug was discovered in the software that could allow an adversary to gain full access to email accounts by previewing an attachment. This issue has since been resolved on March 2, 2022.
Considering that Horde Webmail has not been actively maintained since 2017 and dozens of security vulnerabilities have been reported in the productivity suite, users are recommended to upgrade to an alternative service.
“With so much trust placed in webmail servers, they naturally become a very attractive target for attackers,” the researchers said.
“If a sophisticated adversary could compromise a webmail server, they could intercept all emails sent and received, access password reset links, sensitive documents, impersonate staff, and steal all information credentials of users connecting to the webmail service.”