1. Home
  2. CVE Database
  3. CVE-2023-26442
LOW · 3.2

CVE-2023-26442

In case Cacheservice was configured to use a sproxyd object-storage backend, it would follow HTTP redirects issued by that backend. An attacker with access to a local or restricted network with the ca...

Vulnerability Description

In case Cacheservice was configured to use a sproxyd object-storage backend, it would follow HTTP redirects issued by that backend. An attacker with access to a local or restricted network with the capability to intercept and replay HTTP requests to sproxyd (or who is in control of the sproxyd service) could perform a server-side request-forgery attack and make Cacheservice connect to unexpected resources. We have disabled the ability to follow HTTP redirects when connecting to sproxyd resources. No publicly available exploits are known.

CVSS Score

3.2

LOW

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality
LOW
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
Open-XchangeOpen-Xchange Appsuite Office< 8.11

Related Weaknesses (CWE)

CWE-918

References

FAQ

What is CVE-2023-26442?

CVE-2023-26442 is a vulnerability with a CVSS score of 3.2 (LOW). In case Cacheservice was configured to use a sproxyd object-storage backend, it would follow HTTP redirects issued by that backend. An attacker with access to a local or restricted network with the ca...

How severe is CVE-2023-26442?

CVE-2023-26442 has been rated LOW with a CVSS base score of 3.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-26442?

Check the references section above for vendor advisories and patch information. Affected products include: Open-Xchange Open-Xchange Appsuite Office.