In short, this vulnerability allows an attacker to send a malicious email containing an external image that can compromise your account as soon as the email is opened in the Horde webmail client. The attacker can then use the exploited individual’s account information to gain access to further levels of your organization.
Any emails in Horde can also be accessed through RoundCube, so we advise ceasing all use of Horde immediately and using RoundCube for your webmail needs.
Additionally, cPanel is aware of the vulnerability and is currently investigating possible resolutions; however, no ETA is available at the moment.
We will be immediately disabling the Horde webmail client for all clients across the board. If you actively utilize Horde and have any information or files stored in the client, our team can provide assistance in retrieving them. Moving forward, we would recommend using RoundCube.
We do apologize for any inconvenience and appreciate you taking the time to review this notice. If you have any questions or concerns about this change, please don’t hesitate to contact our staff for more details.