FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

roundcube -- file disclosure vulnerability

Affected packages
roundcube < 1.3.3,1

Details

VuXML ID: f622608c-c53c-11e7-a633-009c02a2ab30
Discovery: 2017-11-06
Entry: 2017-11-11

MITRE reports:

Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at the target system with a valid username/password as the attack requires an active session.

References

CVE Name: CVE-2017-16651
FreeBSD PR: 223557
URL: https://github.com/roundcube/roundcubemail/issues/6026
URL: https://roundcube.net/news/2017/11/08/security-updates-1.3.3-1.2.7-and-1.1.10