Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at the target system with a valid username/password as the attack requires an active session. The issue is related to file-based attachment plugins and _task=settings&_action=upload-display&_from=timezone requests.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/161226/Roundcube-Webmail-1.2-File-Disclosure.html | Exploit Third Party Advisory VDB Entry |
http://www.securityfocus.com/bid/101793 | Third Party Advisory VDB Entry |
https://github.com/roundcube/roundcubemail/issues/6026 | Issue Tracking Patch Third Party Advisory |
https://github.com/roundcube/roundcubemail/releases/tag/1.1.10 | Issue Tracking Release Notes Third Party Advisory |
https://github.com/roundcube/roundcubemail/releases/tag/1.2.7 | Issue Tracking Release Notes Third Party Advisory |
https://github.com/roundcube/roundcubemail/releases/tag/1.3.3 | Issue Tracking Release Notes Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2017/11/msg00039.html | Mailing List Third Party Advisory |
https://roundcube.net/news/2017/11/08/security-updates-1.3.3-1.2.7-and-1.1.10 | Issue Tracking Vendor Advisory |
https://www.debian.org/security/2017/dsa-4030 | Issue Tracking Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
No history.
Information
Published : 2017-11-09 14:29
Updated : 2024-02-28 16:04
NVD link : CVE-2017-16651
Mitre link : CVE-2017-16651
CVE.ORG link : CVE-2017-16651
JSON object : View
Products Affected
debian
- debian_linux
roundcube
- webmail
CWE
CWE-552
Files or Directories Accessible to External Parties