CVE-2017-8114
N/A
N/A
Summary
Roundcube Webmail allows arbitrary password resets by authenticated users. This affects versions before 1.0.11, 1.1.x before 1.1.9, and 1.2.x before 1.2.5. The problem is caused by an improperly restricted exec call in the virtualmin and sasl drivers of the password plugin.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://roundcube.net/news/2017/04/28/security-updates-1.2.5-1.1.9-and-1.0.11
- https://security.gentoo.org/glsa/201707-11
- http://www.securityfocus.com/bid/98445
- https://github.com/ilsani/rd/tree/master/security-advisories/web/roundcube/cve-2017-8114
References
- https://roundcube.net/news/2017/04/28/security-updates-1.2.5-1.1.9-and-1.0.11
- https://security.gentoo.org/glsa/201707-11
- http://www.securityfocus.com/bid/98445
- https://github.com/ilsani/rd/tree/master/security-advisories/web/roundcube/cve-2017-8114
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.