UBUNTU-CVE-2017-8114
- Source
- https://ubuntu.com/security/CVE-2017-8114
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-8114.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2017-8114
- Upstream
- Published
- 2017-04-29T19:59:00Z
- Modified
- 2025-09-08T16:44:15Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
Roundcube Webmail allows arbitrary password resets by authenticated users. This affects versions before 1.0.11, 1.1.x before 1.1.9, and 1.2.x before 1.2.5. The problem is caused by an improperly restricted exec call in the virtualmin and sasl drivers of the password plugin.
- References
-
- https://ubuntu.com/security/CVE-2017-8114
- https://github.com/roundcube/roundcubemail/releases/tag/1.2.5
- https://github.com/roundcube/roundcubemail/commit/6e054a37d13dc3772d0aa454a32d5dc3bdcc7003
- https://github.com/roundcube/roundcubemail/releases/tag/1.1.9
- https://github.com/roundcube/roundcubemail/commit/10b227d70a03e33682aaaa0138e84f9256f3cd50
- https://github.com/roundcube/roundcubemail/releases/tag/1.0.11
- https://github.com/roundcube/roundcubemail/commit/271426429bfbb5b63e6dec91b1e4780e8ef1c67e
- https://www.cve.org/CVERecord?id=CVE-2017-8114
Affected packages
Ubuntu:Pro:16.04:LTS / roundcube
Package
- Name
- roundcube
- Purl
- pkg:deb/ubuntu/roundcube@1.2~beta+dfsg.1-0ubuntu1+esm6?arch=source&distro=esm-apps/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.1.1+dfsg.1-2
1.1.2+dfsg.1-5
1.1.3+dfsg.1-1
1.1.4+dfsg.1-1
1.2~beta+dfsg.1-0ubuntu1
1.2~beta+dfsg.1-0ubuntu1+esm1
1.2~beta+dfsg.1-0ubuntu1+esm2
1.2~beta+dfsg.1-0ubuntu1+esm3
1.2~beta+dfsg.1-0ubuntu1+esm4
1.2~beta+dfsg.1-0ubuntu1+esm5
1.2~beta+dfsg.1-0ubuntu1+esm6
Ecosystem specific
{
"binaries": [
{
"binary_name": "roundcube",
"binary_version": "1.2~beta+dfsg.1-0ubuntu1+esm6"
},
{
"binary_name": "roundcube-core",
"binary_version": "1.2~beta+dfsg.1-0ubuntu1+esm6"
},
{
"binary_name": "roundcube-mysql",
"binary_version": "1.2~beta+dfsg.1-0ubuntu1+esm6"
},
{
"binary_name": "roundcube-pgsql",
"binary_version": "1.2~beta+dfsg.1-0ubuntu1+esm6"
},
{
"binary_name": "roundcube-plugins",
"binary_version": "1.2~beta+dfsg.1-0ubuntu1+esm6"
},
{
"binary_name": "roundcube-sqlite3",
"binary_version": "1.2~beta+dfsg.1-0ubuntu1+esm6"
}
]
}