What is the severity of USN-6654-1?

The vulnerability USN-6654-1 is classified as a potential cross-site scripting (XSS) issue which can lead to severe security risks.

How do I fix USN-6654-1?

To fix USN-6654-1, upgrade Roundcube to the patched version specified in the advisory, such as 1.6.2+dfsg-1ubuntu0.1 or later.

What impact does USN-6654-1 have on my system?

If exploited, USN-6654-1 could allow attackers to execute arbitrary scripts in the context of a user session, compromising user data.

Which versions of Roundcube are affected by USN-6654-1?

Versions of Roundcube prior to 1.6.2+dfsg-1ubuntu0.1 are affected by vulnerability USN-6654-1.

Is there a workaround for USN-6654-1 if I can't apply the patch immediately?

There are no official workarounds for USN-6654-1; it is recommended to apply the available security update as soon as possible.

Vulnerability/
USN-6654-1

CWE

26/2/2024

USN-6654-1: Roundcube Webmail vulnerability

First published: Mon Feb 26 2024(Updated: )

It was discovered that Roundcube Webmail incorrectly sanitized characters in the linkrefs text messages. An attacker could possibly use this issue to execute a cross-site scripting (XSS) attack. (CVE-2023-43770)

Affected Software	Affected Version	How to fix
All of
ubuntu/roundcube	<1.6.2+dfsg-1ubuntu0.1	1.6.2+dfsg-1ubuntu0.1
Ubuntu	=23.10
All of
ubuntu/roundcube-core	<1.6.2+dfsg-1ubuntu0.1	1.6.2+dfsg-1ubuntu0.1
Ubuntu	=23.10
All of
ubuntu/roundcube	<1.5.0+dfsg.1-2ubuntu0.1~esm2	1.5.0+dfsg.1-2ubuntu0.1~esm2
Ubuntu	=22.04
All of
ubuntu/roundcube-core	<1.5.0+dfsg.1-2ubuntu0.1~esm2	1.5.0+dfsg.1-2ubuntu0.1~esm2
Ubuntu	=22.04
All of
ubuntu/roundcube	<1.4.3+dfsg.1-1ubuntu0.1~esm3	1.4.3+dfsg.1-1ubuntu0.1~esm3
Ubuntu	=20.04
All of
ubuntu/roundcube-core	<1.4.3+dfsg.1-1ubuntu0.1~esm3	1.4.3+dfsg.1-1ubuntu0.1~esm3
Ubuntu	=20.04
All of
ubuntu/roundcube	<1.3.6+dfsg.1-1ubuntu0.1~esm3	1.3.6+dfsg.1-1ubuntu0.1~esm3
Ubuntu	=18.04
All of
ubuntu/roundcube-core	<1.3.6+dfsg.1-1ubuntu0.1~esm3	1.3.6+dfsg.1-1ubuntu0.1~esm3
Ubuntu	=18.04
All of
ubuntu/roundcube	<1.2~beta+dfsg.1-0ubuntu1+esm3	1.2~beta+dfsg.1-0ubuntu1+esm3
Ubuntu	=16.04
All of
ubuntu/roundcube-core	<1.2~beta+dfsg.1-0ubuntu1+esm3	1.2~beta+dfsg.1-0ubuntu1+esm3
Ubuntu	=16.04

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

CVE-2023-43770

Frequently Asked Questions

What is the severity of USN-6654-1?
The vulnerability USN-6654-1 is classified as a potential cross-site scripting (XSS) issue which can lead to severe security risks.
How do I fix USN-6654-1?
To fix USN-6654-1, upgrade Roundcube to the patched version specified in the advisory, such as 1.6.2+dfsg-1ubuntu0.1 or later.
What impact does USN-6654-1 have on my system?
If exploited, USN-6654-1 could allow attackers to execute arbitrary scripts in the context of a user session, compromising user data.
Which versions of Roundcube are affected by USN-6654-1?
Versions of Roundcube prior to 1.6.2+dfsg-1ubuntu0.1 are affected by vulnerability USN-6654-1.
Is there a workaround for USN-6654-1 if I can't apply the patch immediately?
There are no official workarounds for USN-6654-1; it is recommended to apply the available security update as soon as possible.

agent/severity
agent/references
agent/weakness
agent/title
agent/last-modified-date
agent/type
agent/event
agent/description
agent/first-publish-date
agent/trending
agent/source
agent/tags
agent/softwarecombine
collector/usn
source/Ubuntu
agent/software-canonical-lookup
agent/software-canonical-lookup-request
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu
version/ubuntu/23.10
version/ubuntu/22.04
version/ubuntu/20.04
version/ubuntu/18.04
version/ubuntu/16.04