First published: Tue Jun 20 2023(Updated: )
Default permissions for a properties file were too permissive. Local system users could read potentially sensitive information. We updated the default permissions for noreply.properties set during package installation. No publicly available exploits are known.
Credit: security@open-xchange.com security@open-xchange.com
Affected Software | Affected Version | How to fix |
---|---|---|
<7.10.6 | ||
=7.10.6 | ||
=7.10.6-revision_39 | ||
Open-xchange Open-xchange Appsuite Backend | <7.10.6 | |
Open-xchange Open-xchange Appsuite Backend | =7.10.6 | |
Open-xchange Open-xchange Appsuite Backend | =7.10.6-revision_39 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-26427 is a vulnerability that occurs due to default permissions for a properties file being too permissive, allowing local system users to read potentially sensitive information.
Open-xchange Appsuite Backend versions up to and including 7.10.6-revision_39 are affected by CVE-2023-26427.
CVE-2023-26427 has a severity level of low (3.3) on the CVSS scale.
No, there are no publicly available exploits known for CVE-2023-26427.
CVE-2023-26427 can be fixed by updating the default permissions for noreply.properties during package installation.