PT-2023-19700 · Open Xchange · Ox App Suite

Tim Coen

Published

2023-05-29

Updated

2025-01-14

CVE-2023-24598

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions OX App Suite versions prior to 7.10.6-rev37

Description The issue is related to an information leak in the handling of distribution lists. This leak can result in the partial disclosure of private contacts of another user.

Recommendations For versions prior to 7.10.6-rev37, update to version 7.10.6-rev37 or later to resolve the issue. As a temporary workaround, consider restricting access to distribution lists to minimize the risk of private contact disclosure.

Fix

Side Channel Attack

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-203

Related Identifiers

CVE-2023-24598

Affected Products

Ox App Suite

PT-2023-19700 · Open Xchange · Ox App Suite

CVE-2023-24598

Weakness Enumeration

Related Identifiers

Affected Products

References · 6