CVE-2017-7413

high

Description

In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition through 5.2.17, OS Command Injection can occur if the attacker is an authenticated Horde Webmail user, has PGP features enabled in their preferences, and attempts to encrypt an email addressed to a maliciously crafted email address.

References

https://lists.horde.org/archives/horde/Week-of-Mon-20170403/056767.html

https://lists.debian.org/debian-lts-announce/2018/06/msg00006.html

Details

Source: Mitre, NVD

Published: 2017-04-04

Updated: 2019-10-03

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High