UBUNTU-CVE-2017-8114
See a problem?- Source
- https://ubuntu.com/security/CVE-2017-8114
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-8114.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2017-8114
- Related
- Published
- 2017-04-29T19:59:00Z
- Modified
- 2024-10-15T14:06:19Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Roundcube Webmail allows arbitrary password resets by authenticated users. This affects versions before 1.0.11, 1.1.x before 1.1.9, and 1.2.x before 1.2.5. The problem is caused by an improperly restricted exec call in the virtualmin and sasl drivers of the password plugin.
- References
-
- https://ubuntu.com/security/CVE-2017-8114
- https://github.com/roundcube/roundcubemail/releases/tag/1.2.5
- https://github.com/roundcube/roundcubemail/commit/6e054a37d13dc3772d0aa454a32d5dc3bdcc7003
- https://github.com/roundcube/roundcubemail/releases/tag/1.1.9
- https://github.com/roundcube/roundcubemail/commit/10b227d70a03e33682aaaa0138e84f9256f3cd50
- https://github.com/roundcube/roundcubemail/releases/tag/1.0.11
- https://github.com/roundcube/roundcubemail/commit/271426429bfbb5b63e6dec91b1e4780e8ef1c67e
- https://www.cve.org/CVERecord?id=CVE-2017-8114
Affected packages
Ubuntu:Pro:16.04:LTS / roundcube
Package
- Name
- roundcube
- Purl
- pkg:deb/ubuntu/roundcube?arch=src?distro=esm-apps/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:18.04:LTS / roundcube
Package
- Name
- roundcube
- Purl
- pkg:deb/ubuntu/roundcube?arch=src?distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.3.6+dfsg.1-1
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_version": "1.3.6+dfsg.1-1",
"binary_name": "roundcube"
},
{
"binary_version": "1.3.6+dfsg.1-1",
"binary_name": "roundcube-core"
},
{
"binary_version": "1.3.6+dfsg.1-1",
"binary_name": "roundcube-mysql"
},
{
"binary_version": "1.3.6+dfsg.1-1",
"binary_name": "roundcube-pgsql"
},
{
"binary_version": "1.3.6+dfsg.1-1",
"binary_name": "roundcube-plugins"
},
{
"binary_version": "1.3.6+dfsg.1-1",
"binary_name": "roundcube-sqlite3"
}
]
}