FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

roundcube -- arbitrary password resets

Affected packages
roundcube < 1.2.5,1

Details

VuXML ID bce47c89-4d3f-11e7-8080-a4badb2f4699
Discovery 2017-04-28
Entry 2017-06-09

Roundcube reports:

Roundcube Webmail allows arbitrary password resets by authenticated users. The problem is caused by an improperly restricted exec call in the virtualmin and sasl drivers of the password plugin.

References

CVE Name CVE-2017-8114
URL https://roundcube.net/news/2017/04/28/security-updates-1.2.5-1.1.9-and-1.0.11