Vulnerability Name: CVE-2017-16651 (CCN-134678)
Assigned: 2017-11-06
Published: 2017-11-06
Updated: 2021-03-04
Summary: Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at the target system with a valid username/password, as the attack requires an active session. The issue is related to file-based attachment plugins and _task=settings&_action=upload-display&_from=timezone requests.
CVSS v3 Severity:
  7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
  7.0 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)
  5.9 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C)
  Note: the two v3.1 vectors above disagree on attack vector and impact. The first two score AV:L with C:H/I:H/A:H; the CCN vector scores AV:N with confidentiality impact only (C:H/I:N/A:N), which matches the Summary's description of an authenticated web request that discloses files. Check which vector your risk process expects before copying the 7.8 figure into a ticket.
CVSS v2 Severity: 4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
Vulnerability Type: CWE-552
Vulnerability Consequences: Obtain Information
References:
  MITRE (CNA): CVE-2017-16651
  MISC (Exploit, Third Party Advisory, VDB Entry): http://packetstormsecurity.com/files/161226/Roundcube-Webmail-1.2-File-Disclosure.html
  BID (Third Party Advisory, VDB Entry): 101793
  CCN: BID-101793 Roundcube Webmail CVE-2017-16651 Information Disclosure Vulnerability
  XF: roundcube-cve201716651-info-disc(134678)
  CCN: roundcubemail GIT Repository File Disclosure Vulnerability #6026
  CONFIRM (Issue Tracking, Patch, Third Party Advisory): https://github.com/roundcube/roundcubemail/issues/6026
  CONFIRM (Issue Tracking, Release Notes, Third Party Advisory): https://github.com/roundcube/roundcubemail/releases/tag/1.1.10
  CONFIRM (Issue Tracking, Release Notes, Third Party Advisory): https://github.com/roundcube/roundcubemail/releases/tag/1.2.7
  CONFIRM (Issue Tracking, Release Notes, Third Party Advisory): https://github.com/roundcube/roundcubemail/releases/tag/1.3.3
  MLIST (Mailing List, Third Party Advisory): [debian-lts-announce] 20171128 [SECURITY] [DLA 1193-1] roundcube security update
  CCN: Packet Storm Security [02-01-2021] Roundcube Webmail 1.2 File Disclosure
  CONFIRM (Issue Tracking, Vendor Advisory): https://roundcube.net/news/2017/11/08/security-updates-1.3.3-1.2.7-and-1.1.10
  CCN: Cybersecurity & Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities Catalog
  DEBIAN (Issue Tracking, Third Party Advisory): DSA-4030
  EXPLOIT-DB (Exploit): Offensive Security Exploit Database [02-01-2021]
Vulnerable Configuration:
  Configuration 1:
  Configuration 2:
  Configuration CCN 1:
Oval Definitions:
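The Summary above gives two things a responder can act on directly: the affected version ranges (before 1.1.10, 1.2.x before 1.2.7, 1.3.x before 1.3.3) and the request signature the issue is tied to (_task=settings&_action=upload-display&_from=timezone). The following Python is an added example, not Roundcube project code and not from any of the referenced advisories. It assumes Roundcube version strings of the form "1.3.2" (an optional non-numeric suffix is ignored) and web-server access logs in the Apache/nginx combined format; the log lines embedded in it are constructed for the example. The scan matches only on the parameters the advisory names and does not try to reproduce the exploit.

```python
"""Triage helpers for CVE-2017-16651 (Roundcube Webmail file disclosure).

Added example, not Roundcube project code.  Two independent checks:
  1. is_affected(): does a version string fall inside the affected ranges
     stated in the advisory (before 1.1.10, 1.2.x before 1.2.7,
     1.3.x before 1.3.3)?
  2. find_upload_display_requests(): scan access-log lines for the request
     signature the advisory names (_task=settings&_action=upload-display,
     usually with _from=timezone).
"""
import re
from urllib.parse import parse_qs, urlsplit


def parse_version(version: str) -> tuple:
    """Turn '1.3.2' or '1.3.2-complete' into (1, 3, 2).

    Non-numeric suffixes are dropped; missing components are padded with 0.
    """
    parts = []
    for piece in version.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def is_affected(version: str) -> bool:
    """True if the version lies in an affected range from the advisory."""
    v = parse_version(version)
    if v < (1, 2, 0):
        return v < (1, 1, 10)      # "before 1.1.10" covers 1.0.x and 1.1.x
    if v[:2] == (1, 2):
        return v < (1, 2, 7)       # 1.2.x before 1.2.7
    if v[:2] == (1, 3):
        return v < (1, 3, 3)       # 1.3.x before 1.3.3
    return False                   # branches the advisory does not list


# Apache/nginx combined log format (assumed): client, ident, user, [time],
# "METHOD target PROTO", status, size, "referer", "user-agent".
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)


def find_upload_display_requests(lines):
    """Return one record per request whose query string carries
    _task=settings and _action=upload-display.

    The advisory says the attack needs an authenticated session, so a hit
    identifies a session to cross-check against Roundcube's own user log,
    not a confirmed compromise on its own.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        qs = parse_qs(urlsplit(m.group("target")).query)
        if qs.get("_task") != ["settings"] or qs.get("_action") != ["upload-display"]:
            continue
        hits.append({
            "ip": m.group("ip"),
            "timestamp": m.group("ts"),
            "status": int(m.group("status")),
            "from": qs.get("_from", [None])[0],
        })
    return hits


# Constructed sample log: two ordinary Roundcube requests and one that
# matches the advisory's request signature.
SAMPLE_LOG = [
    '198.51.100.7 - - [07/Nov/2017:10:12:01 +0000] "GET /roundcube/?_task=mail&_action=list HTTP/1.1" 200 8421 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [07/Nov/2017:10:12:09 +0000] "POST /roundcube/?_task=settings&_action=save-prefs HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [07/Nov/2017:10:13:44 +0000] "GET /roundcube/?_task=settings&_action=upload-display&_from=timezone HTTP/1.1" 200 2048 "-" "curl/7.55.1"',
]


if __name__ == "__main__":
    for ver in ("1.1.9", "1.1.10", "1.2.6", "1.3.2", "1.3.3"):
        print(ver, "affected" if is_affected(ver) else "not affected")
    for hit in find_upload_display_requests(SAMPLE_LOG):
        print(hit)
```

Run it against a real access log with `find_upload_display_requests(open(path))`; any hit with a 200 status from a client you do not recognise is the session to pull Roundcube's own logs for. A version check alone is not enough on a host that has already been exploited, since the disclosed files (the advisory names configuration files) may include credentials that outlive the patch.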