CVE-2013-5035 — Race Condition in Project Htmlcleaner

CWE-362 — Race Condition3 documents3 sources

Severity

4.9MEDIUMNVD

EPSS

0.1%

top 67.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Htmlcleaner Project Htmlcleaner Open-xchange Appsuite

Timeline

PublishedSep 5

Latest updateMay 17

Description

Multiple race conditions in HtmlCleaner before 2.6, as used in Open-Xchange AppSuite 7.2.2 before rev13 and other products, allow remote authenticated users to read the private e-mail of other persons in opportunistic circumstances by leveraging lack of thread safety and performing a rapid series of (1) mail-sending or (2) draft-saving operations.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 6.8 | Impact: 4.9

Affected Packages2 packages

▶NVDopen-xchange/open-xchange_appsuite7.2.2

▶NVDhtmlcleaner_project/htmlcleaner2.5+18

🔴Vulnerability Details

GHSA

GHSA-pxp7-8mq7-mj6j: Multiple race conditions in HtmlCleaner before 2↗2022-05-17

▶

CVEList

CVE-2013-5035: Multiple race conditions in HtmlCleaner before 2↗2013-09-05

▶