Security Advisory

CVE-2017-8114

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2017-04-29 19:00:00

Last updated 2024-08-05 16:27:22

Assigner mitre

State PUBLISHED

Description

Roundcube Webmail allows arbitrary password resets by authenticated users. This affects versions before 1.0.11, 1.1.x before 1.1.9, and 1.2.x before 1.2.5. The problem is caused by an improperly restricted exec call in the virtualmin and sasl drivers of the password plugin.

← Browse all CVEs View on cve.org ↗