An unpatched high-severity security flaw has been disclosed in the open-source RainLoop web-based email client that could be weaponized to siphon emails from victims' inboxes.
"The code vulnerability [...] can be easily exploited by an attacker by sending a malicious email to a target that employs RainLoop as a mail client," SonarSource security researcher Simon Scannell explained in a report published this week.
"When the email is viewed by the target, the attacker gains total control over the session of the target and can steal any of their email messages, including those that contain very sensitive information such as passwords, documents, and password reset links."
Tracked as CVE-2022-29360, the flaw relates to a stored cross-site scripting (XSS) vulnerability affecting the latest version of RainLoop (v1.16.) that was released on May 7, 2021.
Stored XSS flaws, also known as persistent XSS, arise when a malicious script is injected directly into a target web application's server by means of user input (e.g., a comment field), which is permanently stored in a database and is later served to other users.
Affecting all RainLoop installations running under default configurations, attack chains leveraging the flaw could take the form of a specially crafted email sent to potential victims that, when viewed, executes a malicious JavaScript payload in the browser without requiring any user interaction.
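The bug class described above comes down to attacker-controlled email fields being inserted into the webmail UI's HTML without output encoding. The following is an added illustration written for this article, not RainLoop's or SonarSource's code: a raw-interpolation renderer next to one that escapes every untrusted field, plus a small check that flags markup which did not come from the template. The message object, the field names `uid`, `fromName` and `subject`, and the `renderMessageRow` helpers are all constructed for the example; it runs under Node.js with no DOM.

```javascript
// Added example (not RainLoop's code): contextual output encoding for
// untrusted email header fields before they reach the webmail UI's HTML.
// Runs under Node.js; no DOM is required. All names and data are constructed.

const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Encode a string for an HTML text node or a double-quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened renderer: every attacker-controlled field is escaped before it is
// concatenated into the template, so the input can only ever appear as text.
function renderMessageRow(message) {
  return (
    `<tr data-uid="${escapeHtml(message.uid)}">` +
    `<td>${escapeHtml(message.fromName)}</td>` +
    `<td>${escapeHtml(message.subject)}</td>` +
    `</tr>`
  );
}

// Unsafe pattern corresponding to the stored-XSS bug class in the article:
// raw interpolation lets markup in a sender name or subject become live HTML.
function renderMessageRowUnsafe(message) {
  return (
    `<tr data-uid="${message.uid}">` +
    `<td>${message.fromName}</td>` +
    `<td>${message.subject}</td>` +
    `</tr>`
  );
}

// Regression-test style check: strip the tags the template itself emits and
// report whether any '<' survives. Properly escaped output contains none.
function containsUnexpectedTag(html) {
  const templateOnly = /<\/?(tr|td)(\s+data-uid="[^"<>]*")?>/g;
  return /</.test(html.replace(templateOnly, ''));
}

// Constructed sample message whose header fields carry markup.
const SAMPLE_MESSAGE = {
  uid: '42',
  fromName: 'Alice <b onmouseover="x()">&co</b>',
  subject: '<script>probe()</script> Invoice',
};

// Convenience entry point so the block can be run directly: node example.js
function demo() {
  const safe = renderMessageRow(SAMPLE_MESSAGE);
  const unsafe = renderMessageRowUnsafe(SAMPLE_MESSAGE);
  return {
    safe,
    safeLeaksMarkup: containsUnexpectedTag(safe),     // false
    unsafeLeaksMarkup: containsUnexpectedTag(unsafe), // true
  };
}

console.log(demo());
```

Escaping is the right fix for header-derived fields shown as text (sender, subject, list rows). An HTML email body that the client must actually render needs a separate control: an allowlist-based sanitizer and, ideally, display inside a sandboxed frame with a restrictive Content Security Policy, since encoding the whole body would simply turn it into unreadable text.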
SonarSource, in its disclosure timeline, said that it notified the maintainers of RainLoop of the bug on November 30, 2021, and that the software maker has failed to issue a fix for more than four months.
An issue raised on GitHub by the Swiss code quality and security firm on December 6, 2021, remains open to date. We have reached out to RainLoop for comment, and we will update the story if we hear back.
In the absence of patches, SonarSource is recommending that users migrate to a RainLoop fork called SnappyMail, which is actively maintained and unaffected by the security issue.
Some parts of this article are sourced from:
thehackernews.com