Vulnerabilities > CVE-2008-7218 - Security Bypass vulnerability in Horde Products

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
horde
critical
nessus

Summary

Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2 before 3.2-RC2; Turba H3 2.1 before 2.1.6 and 2.2 before 2.2-RC2; Kronolith H3 2.1 before 2.1.7 and H3 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and 2.2 before 2.2-RC2; Horde Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 has unknown impact and attack vectors.

Nessus

NASL familyFedora Local Security Checks
NASL idFEDORA_2008-2212.NASL
descriptionFix privilege escalation in Horde API. Fix missing ownership validation on share changes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen2020-06-01
modified2020-06-02
plugin id31367
published2008-03-07
reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/31367
titleFedora 7 : kronolith-2.1.7-1.fc7 (2008-2212)