Knowledge Base

CVE-2024-42008, CVE-2024-42009, CVE-2024-42010 vulnerabilities in Roundcube

Impact

CVE-2024-42008, CVE-2024-42009, CVE-2024-42010 vulnerabilities were discovered in Roundcube.

Situation

Roundcube before 1.5.8/1.6.8 versions has these vulnerabilities:

XSS vulnerability in serving of attachments other than HTML or SVG [CVE-2024-42008]
XSS vulnerability in post-processing of sanitized HTML content [CVE-2024-42009]
Information leak (access to remote content) via insufficient CSS filtering [CVE-2024-42010]

Call to action

The vulnerabilities are fixed in Plesk Obsidian 18.0.63 #1.

Update Plesk to the latest version.

Related Posts

Plesk Obsidian 18.0.69 is Here!

Now Available: Plesk Obsidian 18.0.68

Plesk Obsidian 18.0.67 Has Arrived!

Knowledge Base

CVE-2021-46144: Vulnerability in Roundcube

CVE-2023-5631 vulnerability in Roundcube

Swiftmailer/Symfonymailer or Prestashop messages stopped working after upgrading Plesk to version 18.0.45

Excessive SRS header is displayed in From field in mail clients for some forwarded emails

Hosting Wiki