FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

roundcube -- arbitrary password resets

Affected packages
roundcube < 1.2.5,1


VuXML ID bce47c89-4d3f-11e7-8080-a4badb2f4699
Discovery 2017-04-28
Entry 2017-06-09

Roundcube reports:

Roundcube Webmail allows arbitrary password resets by authenticated users. The problem is caused by an improperly restricted exec call in the virtualmin and sasl drivers of the password plugin.


CVE Name CVE-2017-8114