CVE-2017-7413
Published 2017-04-04
Priority: P2 · 64 · High · CVSS 3.0 base score 8.8
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 40.45% (98.5th percentile)
In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition through 5.2.17, OS Command Injection can occur if the attacker is an authenticated Horde Webmail user, has PGP features enabled in their preferences, and attempts to encrypt an email addressed to a maliciously crafted email address.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | php-horde-crypt | < 2.7.5-2 (bookworm) | 2.7.5-2 (bookworm) |
| horde | groupware | <= 5.2.17 | — |
Detection & IOCs (extracted from sources)
- Trigger condition: an authenticated Horde Webmail user with PGP features enabled attempts to encrypt an email to a maliciously crafted email address; the address reaches an OS command line without being neutralized, giving OS command injection (CWE-78).
- The bug is reachable only when PGP features are enabled in the user's Horde Webmail preferences; disabling PGP removes the attack surface (a mitigation, not a fix).
- Affected versions: Horde_Crypt before 2.7.6 and Horde Groupware Webmail Edition through 5.2.17; Debian carries the fix in package revision 2.7.5-2 (bookworm, bullseye, sid).
- Exploitation requires a valid webmail account (PR:L). NVD still scores the attack vector as network (AV:N) because the trigger is the ordinary web UI, while the Debian tracker marks the scope as local. Treat it as authenticated remote command execution, not an unauthenticated vector.
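To make the injection class concrete, the following is an added example (not Horde_Crypt's own code, and not a reproduction of the 2.7.6 fix): a recipient address interpolated into a gpg command string, beside the two hardened forms a practitioner would use. All function names, the allow-list regex and the sample addresses are hypothetical constructions; nothing here executes gpg.

```python
"""
Added illustration of the injection class behind CVE-2017-7413 (an
untrusted recipient address reaching a gpg command line). Example code,
not Horde_Crypt's implementation; every name here is hypothetical and
nothing executes gpg.
"""
import re
import shlex

# Constructed sample recipients (not taken from any real incident).
BENIGN = "alice@example.org"
MALICIOUS = "alice@example.org; id > /tmp/pwned #"

# Simplified addr-spec allow-list, deliberately stricter than RFC 5322.
# The character classes exclude whitespace and every shell metacharacter
# (; | & $ ` ( ) < > # etc.), so a match can never split a command line.
ADDR_RE = re.compile(
    r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*\.[A-Za-z]{2,}$"
)


def is_safe_recipient(addr: str) -> bool:
    """True only for addresses matching the allow-list above."""
    return ADDR_RE.fullmatch(addr) is not None


def vulnerable_gpg_command(recipients, infile):
    """The bug pattern: untrusted recipients interpolated into one shell
    string. Handed to a shell (PHP exec()/popen(), os.system, ...) the
    MALICIOUS recipient ends gpg's argument list at ';', runs
    'id > /tmp/pwned' and comments out the rest of the line with '#'."""
    args = " ".join(f"--recipient {r}" for r in recipients)
    return f"gpg --batch --armor --encrypt {args} {infile}"


def hardened_gpg_argv(recipients, infile):
    """Preferred fix: validate each recipient, then build an argv list.
    subprocess.run(argv) without shell=True passes every element verbatim,
    so metacharacters are never interpreted."""
    argv = ["gpg", "--batch", "--armor", "--encrypt"]
    for r in recipients:
        if not is_safe_recipient(r):
            raise ValueError(f"rejected recipient: {r!r}")
        argv += ["--recipient", r]
    argv.append(infile)
    return argv


def quoted_gpg_command(recipients, infile):
    """Fallback when a shell string is unavoidable (the role PHP's
    escapeshellarg plays): single-quote every untrusted token. shlex.quote
    leaves tokens that are already safe, such as 'msg.txt', unquoted."""
    parts = ["gpg", "--batch", "--armor", "--encrypt"]
    for r in recipients:
        parts += ["--recipient", shlex.quote(r)]
    parts.append(shlex.quote(infile))
    return " ".join(parts)


def shell_view(cmd):
    """Approximates the argv a POSIX shell would hand to gpg after word
    splitting and quote removal. Shows that quoting round-trips the payload
    as one inert argument, while the vulnerable string splits at ';'."""
    return shlex.split(cmd)


if __name__ == "__main__":
    print("vulnerable:", vulnerable_gpg_command([MALICIOUS], "msg.txt"))
    print("quoted    :", quoted_gpg_command([MALICIOUS], "msg.txt"))
    print("argv      :", hardened_gpg_argv([BENIGN], "msg.txt"))
    try:
        hardened_gpg_argv([MALICIOUS], "msg.txt")
    except ValueError as err:
        print("rejected  :", err)
```

Prefer the argv form: it removes the shell from the path entirely, and the allow-list doubles as a cheap triage check for recipient strings seen in webmail or mail logs. Quoting alone stops the shell from splitting the argument but still lets an odd-looking address reach gpg, so pair it with validation. The regex is intentionally narrower than what RFC 5322 permits; a production system should validate with its real address parser and then still pass an argv list.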
CVSS provenance

| Source | CVSS version | Score | Severity label | Vector |
|---|---|---|---|---|
| nvd | 3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | 2.0 | 9.0 | CRITICAL (CVSS v2 has no critical band; 9.0 is v2 High) | AV:N/AC:L/Au:S/C:C/I:C/A:C |
| osv | 3.x | 8.8 | HIGH | not given |
| vendor_debian | 3.x | 8.8 | HIGH | not given |
GHSA
GHSA-xrq5-qhg4-5hvr (ghsa_unreviewed, 2022-05-13) · CVE-2017-7413 · HIGH · CWE-78. Same description as above.
OSV
CVE-2017-7413 (osv, 2017-04-04) · CVSS 8.8 · HIGH. Same description as above.
Debian
php-horde-crypt (vendor_debian, 2017) · CVE-2017-7413 · CVSS 8.8 · HIGH. Same description as above.
Scope: local
bookworm: resolved (fixed in 2.7.5-2)
bullseye: resolved (fixed in 2.7.5-2)
sid: resolved (fixed in 2.7.5-2)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.