CVE-2023-26427
LOWopen-xchange_appsuite_backend < 7.10.6 - Unauthenticated Sensitive Information Exposure via Insecure File Permissions
Title source: llmDescription
Default permissions for a properties file were too permissive. Local system users could read potentially sensitive information. We updated the default permissions for noreply.properties set during package installation. No publicly available exploits are known.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry
http://packetstormsecurity.com/files/173083/OX-App-Suite-SSRF-Resource-Consumption-Command-Injection.html
Mailing List, Third Party Advisory
http://seclists.org/fulldisclosure/2023/Jun/8
Release Notes release-notes
https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6219_7.10.6_2023-03-20.pdf
Vendor Advisory vendor-advisory
https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0002.json
Scores
CVSS v3
3.2
EPSS
0.0031
EPSS Percentile
22.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
Details
CWE
CWE-732
CWE-922
Status
published
Products (2)
open-xchange/open-xchange_appsuite_backend
7.10.6 (2 CPE variants)
open-xchange/open-xchange_appsuite_backend
< 7.10.6
Published
Jun 20, 2023
Tracked Since
Feb 18, 2026