CVE-2017-8114

Опубликовано: 29 апр. 2017

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

Roundcube Webmail allows arbitrary password resets by authenticated users. This affects versions before 1.0.11, 1.1.x before 1.1.9, and 1.2.x before 1.2.5. The problem is caused by an improperly restricted exec call in the virtualmin and sasl drivers of the password plugin.

Ссылки

http://www.securityfocus.com/bid/98445
Third Party Advisory
VDB Entry
https://github.com/ilsani/rd/tree/master/security-advisories/web/roundcube/cve-2017-8114
Exploit
Third Party Advisory
https://roundcube.net/news/2017/04/28/security-updates-1.2.5-1.1.9-and-1.0.11
Release Notes
Vendor Advisory
https://security.gentoo.org/glsa/201707-11
Third Party Advisory
http://www.securityfocus.com/bid/98445
Third Party Advisory
VDB Entry
https://github.com/ilsani/rd/tree/master/security-advisories/web/roundcube/cve-2017-8114
Exploit
Third Party Advisory
https://roundcube.net/news/2017/04/28/security-updates-1.2.5-1.1.9-and-1.0.11
Release Notes
Vendor Advisory
https://security.gentoo.org/glsa/201707-11
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*

Версия до 1.0.11 (исключая)

cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*

Версия от 1.1.0 (включая) до 1.1.9 (исключая)

cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*

Версия от 1.2.0 (включая) до 1.2.5 (исключая)

EPSS

Процентиль: 70%

0.00632

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-269

Связанные уязвимости

CVE-2017-8114

CVSS3: 8.8

ubuntu

почти 9 лет назад

CVE-2017-8114

CVSS3: 8.8

debian

почти 9 лет назад

Roundcube Webmail allows arbitrary password resets by authenticated us ...

openSUSE-SU-2017:1263-1

suse-cvrf

больше 8 лет назад

Security update for roundcubemail

GHSA-4p57-8qx3-4cjv

CVSS3: 8.8

github

больше 3 лет назад

EPSS

Процентиль: 70%

0.00632

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-269