Attackers with access to user accounts can inject arbitrary control characters to SIEVE mail-filter rules. This could be abused to access SIEVE extension that are not allowed by App Suite or to inject rules which would break per-user filter processing, requiring manual cleanup of such rules. We have added sanitization to all mail-filter APIs to avoid forwardning control characters to subsystems. No publicly available exploits are known.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: OX
Published: 2023-08-02T12:22:54.354Z
Updated: 2024-08-02T11:46:24.527Z
Reserved: 2023-02-22T20:42:56.089Z
Link: CVE-2023-26430
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-08-02T13:15:10.217
Modified: 2024-01-12T08:15:40.210
Link: CVE-2023-26430
Redhat
No data.