If you’re self hosting roundcube be sure to update.
It’s only if you view a specifically crafted email in the web client… still worth upgrading of course.
Roundcube Webmail Flaws Allow Hackers to Steal Emails and Passwords
Submitted 3 months ago by atzanteol@sh.itjust.works to selfhosted@lemmy.world
https://thehackernews.com/2024/08/roundcube-webmail-flaws-allow-hackers.html?m=1
Comments
shadowbert@lemmy.world 2 months ago
atzanteol@sh.itjust.works 2 months ago
Only? “Viewing emails in a web browser” is the entire point of roundcube. It’s trivial to send out millions of “specially created emails” looking for a victim.
shadowbert@lemmy.world 2 months ago
True, but it presumably would still require the user to open them.
But, I was mostly worried that just having the server installed would be enough.
cheddar@programming.dev 3 months ago
I’m not surprised. A cube can’t be round. That’s an obvious design flaw.