Name of the Vulnerable Software and Affected Versions modoboa-dmarc plugin version 1.1.0

Description The issue allows for an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this to perform a denial of service against the DMARC reporting functionality. This can be achieved by referencing sensitive files within XML documents emailed to the address in the rua field of the DMARC records of a domain.

Recommendations For modoboa-dmarc plugin version 1.1.0, consider disabling the processing of XML data from untrusted sources until a patch is available. Restrict access to sensitive files that could be referenced in an XXE attack to minimize the risk of exploitation.