cvelistv5 - cve-2017-16651

CVE-2017-16651 (GCVE-0-2017-16651)

Vulnerability from cvelistv5 – Published: 2017-11-09 14:00 – Updated: 2025-10-21 23:55

CISA

Summary

Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at the target system with a valid username/password as the attack requires an active session. The issue is related to file-based attachment plugins and _task=settings&_action=upload-display&_from=timezone requests.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

Assigner

mitre

References

URL

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

Date added: 2021-11-03

Due date: 2022-05-03

Required action: Apply updates per vendor instructions.

Used in ransomware: Unknown

Notes: https://nvd.nist.gov/vuln/detail/CVE-2017-16651

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:27:04.304Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.3.3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://roundcube.net/news/2017/11/08/security-updates-1.3.3-1.2.7-and-1.1.10"
          },
          {
            "name": "[debian-lts-announce] 20171128 [SECURITY] [DLA 1193-1] roundcube security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00039.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.1.10"
          },
          {
            "name": "101793",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101793"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.2.7"
          },
          {
            "name": "DSA-4030",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4030"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/roundcube/roundcubemail/issues/6026"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/161226/Roundcube-Webmail-1.2-File-Disclosure.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2017-16651",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-04T20:56:39.530324Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2021-11-03",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-16651"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-552",
                "description": "CWE-552 Files or Directories Accessible to External Parties",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:55:30.379Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-16651"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2021-11-03T00:00:00+00:00",
            "value": "CVE-2017-16651 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-11-09T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host\u0027s filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at the target system with a valid username/password as the attack requires an active session. The issue is related to file-based attachment plugins and _task=settings\u0026_action=upload-display\u0026_from=timezone requests."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-01T18:06:14.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.3.3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://roundcube.net/news/2017/11/08/security-updates-1.3.3-1.2.7-and-1.1.10"
        },
        {
          "name": "[debian-lts-announce] 20171128 [SECURITY] [DLA 1193-1] roundcube security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00039.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.1.10"
        },
        {
          "name": "101793",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101793"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.2.7"
        },
        {
          "name": "DSA-4030",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4030"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/roundcube/roundcubemail/issues/6026"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/161226/Roundcube-Webmail-1.2-File-Disclosure.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-16651",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host\u0027s filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at the target system with a valid username/password as the attack requires an active session. The issue is related to file-based attachment plugins and _task=settings\u0026_action=upload-display\u0026_from=timezone requests."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/roundcube/roundcubemail/releases/tag/1.3.3",
              "refsource": "CONFIRM",
              "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.3.3"
            },
            {
              "name": "https://roundcube.net/news/2017/11/08/security-updates-1.3.3-1.2.7-and-1.1.10",
              "refsource": "CONFIRM",
              "url": "https://roundcube.net/news/2017/11/08/security-updates-1.3.3-1.2.7-and-1.1.10"
            },
            {
              "name": "[debian-lts-announce] 20171128 [SECURITY] [DLA 1193-1] roundcube security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00039.html"
            },
            {
              "name": "https://github.com/roundcube/roundcubemail/releases/tag/1.1.10",
              "refsource": "CONFIRM",
              "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.1.10"
            },
            {
              "name": "101793",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101793"
            },
            {
              "name": "https://github.com/roundcube/roundcubemail/releases/tag/1.2.7",
              "refsource": "CONFIRM",
              "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.2.7"
            },
            {
              "name": "DSA-4030",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-4030"
            },
            {
              "name": "https://github.com/roundcube/roundcubemail/issues/6026",
              "refsource": "CONFIRM",
              "url": "https://github.com/roundcube/roundcubemail/issues/6026"
            },
            {
              "name": "http://packetstormsecurity.com/files/161226/Roundcube-Webmail-1.2-File-Disclosure.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/161226/Roundcube-Webmail-1.2-File-Disclosure.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-16651",
    "datePublished": "2017-11-09T14:00:00.000Z",
    "dateReserved": "2017-11-07T00:00:00.000Z",
    "dateUpdated": "2025-10-21T23:55:30.379Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2017-16651",
      "cwes": "[\"CWE-552\"]",
      "dateAdded": "2021-11-03",
      "dueDate": "2022-05-03",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-16651",
      "product": "Roundcube Webmail",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Roundcube Webmail contains a file disclosure vulnerability caused by insufficient input validation in conjunction with file-based attachment plugins, which are used by default.",
      "vendorProject": "Roundcube",
      "vulnerabilityName": "Roundcube Webmail File Disclosure Vulnerability"
    },
    "fkie_nvd": {
      "cisaActionDue": "2022-05-03",
      "cisaExploitAdd": "2021-11-03",
      "cisaRequiredAction": "Apply updates per vendor instructions.",
      "cisaVulnerabilityName": "Roundcube Webmail File Disclosure Vulnerability",
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.1.9\", \"matchCriteriaId\": \"5F9E6CBE-8E6F-4BE0-8DBD-521527119EBF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:roundcube:webmail:1.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6556D4DF-FFF9-4EE0-91EA-84314D7CF071\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:roundcube:webmail:1.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"98A43C92-1266-47DB-B3D9-A12CFE271EEA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:roundcube:webmail:1.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BEFDA8E6-5BD6-4A20-8B67-C9597B67DABA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:roundcube:webmail:1.2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7DB074D9-E258-471F-9FF7-CABE43E763DC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:roundcube:webmail:1.2.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BD2B08B4-5484-440C-AB40-CAAB41508920\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:roundcube:webmail:1.2.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"23D7F18F-FFA7-4D10-B1F6-1499D6F8DB72\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:roundcube:webmail:1.2.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C112540F-4CCC-48A9-A30D-D5E808151D43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:roundcube:webmail:1.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4913F9D6-868C-4AB3-A4CC-03257A417573\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:roundcube:webmail:1.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"975DDE40-CE7F-4425-B2F0-523D36894010\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:roundcube:webmail:1.3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E4FBA242-E194-49DE-A740-7216BBFE2039\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"16F59A04-14CF-49E2-9973-645477EA09DA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host\u0027s filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at the target system with a valid username/password as the attack requires an active session. The issue is related to file-based attachment plugins and _task=settings\u0026_action=upload-display\u0026_from=timezone requests.\"}, {\"lang\": \"es\", \"value\": \"Roundcube Webmail, en versiones anteriores a la 1.1.10, versiones 1.2.x anteriores a la 1.2.7 y y versiones 1.3.x anteriores a la 1.3.3, permite el acceso no autorizado a archivos arbitrarios en el sistema de archivos del host, incluyendo archivos de configuraci\\u00f3n, tal y como se explot\\u00f3 en Noviembre 2017 pero sin publicar ninguna prueba de concepto oficial. El atacante debe ser capaz de autenticarse en el sistema objetivo con un nombre de usuario y una contrase\\u00f1a v\\u00e1lidos, ya que el ataque necesita una sesi\\u00f3n activa. El problema est\\u00e1 relacionado con los plugins para adjuntar archivos y las peticiones _task=settings_action=upload-display_from=timezone.\"}]",
      "id": "CVE-2017-16651",
      "lastModified": "2024-11-21T03:16:45.910",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 4.6, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.9, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-11-09T14:29:00.267",
      "references": "[{\"url\": \"http://packetstormsecurity.com/files/161226/Roundcube-Webmail-1.2-File-Disclosure.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/bid/101793\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://github.com/roundcube/roundcubemail/issues/6026\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/roundcube/roundcubemail/releases/tag/1.1.10\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\", \"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/roundcube/roundcubemail/releases/tag/1.2.7\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\", \"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/roundcube/roundcubemail/releases/tag/1.3.3\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\", \"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2017/11/msg00039.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://roundcube.net/news/2017/11/08/security-updates-1.3.3-1.2.7-and-1.1.10\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\", \"Vendor Advisory\"]}, {\"url\": \"https://www.debian.org/security/2017/dsa-4030\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/161226/Roundcube-Webmail-1.2-File-Disclosure.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/bid/101793\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://github.com/roundcube/roundcubemail/issues/6026\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/roundcube/roundcubemail/releases/tag/1.1.10\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/roundcube/roundcubemail/releases/tag/1.2.7\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/roundcube/roundcubemail/releases/tag/1.3.3\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2017/11/msg00039.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://roundcube.net/news/2017/11/08/security-updates-1.3.3-1.2.7-and-1.1.10\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Vendor Advisory\"]}, {\"url\": \"https://www.debian.org/security/2017/dsa-4030\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-552\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-16651\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-11-09T14:29:00.267\",\"lastModified\":\"2025-10-22T00:16:05.177\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host\u0027s filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at the target system with a valid username/password as the attack requires an active session. The issue is related to file-based attachment plugins and _task=settings\u0026_action=upload-display\u0026_from=timezone requests.\"},{\"lang\":\"es\",\"value\":\"Roundcube Webmail, en versiones anteriores a la 1.1.10, versiones 1.2.x anteriores a la 1.2.7 y y versiones 1.3.x anteriores a la 1.3.3, permite el acceso no autorizado a archivos arbitrarios en el sistema de archivos del host, incluyendo archivos de configuraci\u00f3n, tal y como se explot\u00f3 en Noviembre 2017 pero sin publicar ninguna prueba de concepto oficial. El atacante debe ser capaz de autenticarse en el sistema objetivo con un nombre de usuario y una contrase\u00f1a v\u00e1lidos, ya que el ataque necesita una sesi\u00f3n activa. El problema est\u00e1 relacionado con los plugins para adjuntar archivos y las peticiones _task=settings_action=upload-display_from=timezone.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":4.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"cisaExploitAdd\":\"2021-11-03\",\"cisaActionDue\":\"2022-05-03\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"Roundcube Webmail File Disclosure Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-552\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-552\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.1.9\",\"matchCriteriaId\":\"5F9E6CBE-8E6F-4BE0-8DBD-521527119EBF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:roundcube:webmail:1.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6556D4DF-FFF9-4EE0-91EA-84314D7CF071\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:roundcube:webmail:1.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98A43C92-1266-47DB-B3D9-A12CFE271EEA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:roundcube:webmail:1.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BEFDA8E6-5BD6-4A20-8B67-C9597B67DABA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:roundcube:webmail:1.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7DB074D9-E258-471F-9FF7-CABE43E763DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:roundcube:webmail:1.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD2B08B4-5484-440C-AB40-CAAB41508920\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:roundcube:webmail:1.2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"23D7F18F-FFA7-4D10-B1F6-1499D6F8DB72\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:roundcube:webmail:1.2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C112540F-4CCC-48A9-A30D-D5E808151D43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:roundcube:webmail:1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4913F9D6-868C-4AB3-A4CC-03257A417573\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:roundcube:webmail:1.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"975DDE40-CE7F-4425-B2F0-523D36894010\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:roundcube:webmail:1.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4FBA242-E194-49DE-A740-7216BBFE2039\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16F59A04-14CF-49E2-9973-645477EA09DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/161226/Roundcube-Webmail-1.2-File-Disclosure.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/101793\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://github.com/roundcube/roundcubemail/issues/6026\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/roundcube/roundcubemail/releases/tag/1.1.10\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/roundcube/roundcubemail/releases/tag/1.2.7\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/roundcube/roundcubemail/releases/tag/1.3.3\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2017/11/msg00039.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://roundcube.net/news/2017/11/08/security-updates-1.3.3-1.2.7-and-1.1.10\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://www.debian.org/security/2017/dsa-4030\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/161226/Roundcube-Webmail-1.2-File-Disclosure.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/101793\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://github.com/roundcube/roundcubemail/issues/6026\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/roundcube/roundcubemail/releases/tag/1.1.10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/roundcube/roundcubemail/releases/tag/1.2.7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/roundcube/roundcubemail/releases/tag/1.3.3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2017/11/msg00039.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://roundcube.net/news/2017/11/08/security-updates-1.3.3-1.2.7-and-1.1.10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://www.debian.org/security/2017/dsa-4030\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-16651\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/roundcube/roundcubemail/releases/tag/1.3.3\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://roundcube.net/news/2017/11/08/security-updates-1.3.3-1.2.7-and-1.1.10\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2017/11/msg00039.html\", \"name\": \"[debian-lts-announce] 20171128 [SECURITY] [DLA 1193-1] roundcube security update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://github.com/roundcube/roundcubemail/releases/tag/1.1.10\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"http://www.securityfocus.com/bid/101793\", \"name\": \"101793\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"]}, {\"url\": \"https://github.com/roundcube/roundcubemail/releases/tag/1.2.7\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2017/dsa-4030\", \"name\": \"DSA-4030\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\", \"x_transferred\"]}, {\"url\": \"https://github.com/roundcube/roundcubemail/issues/6026\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/161226/Roundcube-Webmail-1.2-File-Disclosure.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-05T20:27:04.304Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2017-16651\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-04T20:56:39.530324Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2021-11-03\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-16651\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-552\", \"description\": \"CWE-552 Files or Directories Accessible to External Parties\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-04T20:56:50.387Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"datePublic\": \"2017-11-09T00:00:00.000Z\", \"references\": [{\"url\": \"https://github.com/roundcube/roundcubemail/releases/tag/1.3.3\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://roundcube.net/news/2017/11/08/security-updates-1.3.3-1.2.7-and-1.1.10\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2017/11/msg00039.html\", \"name\": \"[debian-lts-announce] 20171128 [SECURITY] [DLA 1193-1] roundcube security update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://github.com/roundcube/roundcubemail/releases/tag/1.1.10\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"http://www.securityfocus.com/bid/101793\", \"name\": \"101793\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"]}, {\"url\": \"https://github.com/roundcube/roundcubemail/releases/tag/1.2.7\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://www.debian.org/security/2017/dsa-4030\", \"name\": \"DSA-4030\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\"]}, {\"url\": \"https://github.com/roundcube/roundcubemail/issues/6026\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"http://packetstormsecurity.com/files/161226/Roundcube-Webmail-1.2-File-Disclosure.html\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host\u0027s filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at the target system with a valid username/password as the attack requires an active session. The issue is related to file-based attachment plugins and _task=settings\u0026_action=upload-display\u0026_from=timezone requests.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2021-02-01T18:06:14.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"n/a\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://github.com/roundcube/roundcubemail/releases/tag/1.3.3\", \"name\": \"https://github.com/roundcube/roundcubemail/releases/tag/1.3.3\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://roundcube.net/news/2017/11/08/security-updates-1.3.3-1.2.7-and-1.1.10\", \"name\": \"https://roundcube.net/news/2017/11/08/security-updates-1.3.3-1.2.7-and-1.1.10\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2017/11/msg00039.html\", \"name\": \"[debian-lts-announce] 20171128 [SECURITY] [DLA 1193-1] roundcube security update\", \"refsource\": \"MLIST\"}, {\"url\": \"https://github.com/roundcube/roundcubemail/releases/tag/1.1.10\", \"name\": \"https://github.com/roundcube/roundcubemail/releases/tag/1.1.10\", \"refsource\": \"CONFIRM\"}, {\"url\": \"http://www.securityfocus.com/bid/101793\", \"name\": \"101793\", \"refsource\": \"BID\"}, {\"url\": \"https://github.com/roundcube/roundcubemail/releases/tag/1.2.7\", \"name\": \"https://github.com/roundcube/roundcubemail/releases/tag/1.2.7\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://www.debian.org/security/2017/dsa-4030\", \"name\": \"DSA-4030\", \"refsource\": \"DEBIAN\"}, {\"url\": \"https://github.com/roundcube/roundcubemail/issues/6026\", \"name\": \"https://github.com/roundcube/roundcubemail/issues/6026\", \"refsource\": \"CONFIRM\"}, {\"url\": \"http://packetstormsecurity.com/files/161226/Roundcube-Webmail-1.2-File-Disclosure.html\", \"name\": \"http://packetstormsecurity.com/files/161226/Roundcube-Webmail-1.2-File-Disclosure.html\", \"refsource\": \"MISC\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host\u0027s filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at the target system with a valid username/password as the attack requires an active session. The issue is related to file-based attachment plugins and _task=settings\u0026_action=upload-display\u0026_from=timezone requests.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"n/a\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2017-16651\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"cve@mitre.org\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2017-16651\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-04T21:05:06.868Z\", \"dateReserved\": \"2017-11-07T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2017-11-09T14:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CNVD-2017-36359

Vulnerability from cnvd - Published: 2017-12-04

Title

Roundcube Webmail任意文件访问漏洞

Description

RoundCube Webmail是一款基于浏览器的IMAP客户端（邮件客户端），它支持地址薄管理、信息搜索、拼写检查等。 Roundcube Webmail 1.1.10之前的版本、1.2.7之前的1.2.x版本和1.3.3之前的1.3.x版本中存在安全漏洞。攻击者可利用该漏洞访问主机文件系统上的任意文件（包括：配置文件）。

Severity

中

Patch Name

Roundcube Webmail任意文件访问漏洞的补丁

Patch Description

Formal description

厂商已发布漏洞修复程序，请及时关注更新： https://roundcube.net/news/2017/11/08/security-updates-1.3.3-1.2.7-and-1.1.10

Reference

https://nvd.nist.gov/vuln/detail/CVE-2017-16651

Impacted products

Name
['RoundCube Webmail <1.1.10', 'RoundCube Webmail 1.2.，<1.2.7', 'RoundCube Webmail 1.3.，<1.3.3']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "101793"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-16651"
    }
  },
  "description": "RoundCube Webmail\u662f\u4e00\u6b3e\u57fa\u4e8e\u6d4f\u89c8\u5668\u7684IMAP\u5ba2\u6237\u7aef\uff08\u90ae\u4ef6\u5ba2\u6237\u7aef\uff09\uff0c\u5b83\u652f\u6301\u5730\u5740\u8584\u7ba1\u7406\u3001\u4fe1\u606f\u641c\u7d22\u3001\u62fc\u5199\u68c0\u67e5\u7b49\u3002\r\n\r\nRoundcube Webmail 1.1.10\u4e4b\u524d\u7684\u7248\u672c\u30011.2.7\u4e4b\u524d\u76841.2.x\u7248\u672c\u548c1.3.3\u4e4b\u524d\u76841.3.x\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbf\u95ee\u4e3b\u673a\u6587\u4ef6\u7cfb\u7edf\u4e0a\u7684\u4efb\u610f\u6587\u4ef6\uff08\u5305\u62ec\uff1a\u914d\u7f6e\u6587\u4ef6\uff09\u3002",
  "discovererName": "david67810.",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://roundcube.net/news/2017/11/08/security-updates-1.3.3-1.2.7-and-1.1.10",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-36359",
  "openTime": "2017-12-04",
  "patchDescription": "RoundCube Webmail\u662f\u4e00\u6b3e\u57fa\u4e8e\u6d4f\u89c8\u5668\u7684IMAP\u5ba2\u6237\u7aef\uff08\u90ae\u4ef6\u5ba2\u6237\u7aef\uff09\uff0c\u5b83\u652f\u6301\u5730\u5740\u8584\u7ba1\u7406\u3001\u4fe1\u606f\u641c\u7d22\u3001\u62fc\u5199\u68c0\u67e5\u7b49\u3002\r\n\r\nRoundcube Webmail 1.1.10\u4e4b\u524d\u7684\u7248\u672c\u30011.2.7\u4e4b\u524d\u76841.2.x\u7248\u672c\u548c1.3.3\u4e4b\u524d\u76841.3.x\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbf\u95ee\u4e3b\u673a\u6587\u4ef6\u7cfb\u7edf\u4e0a\u7684\u4efb\u610f\u6587\u4ef6\uff08\u5305\u62ec\uff1a\u914d\u7f6e\u6587\u4ef6\uff09\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Roundcube Webmail\u4efb\u610f\u6587\u4ef6\u8bbf\u95ee\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "RoundCube Webmail \u003c1.1.10",
      "RoundCube Webmail 1.2.*\uff0c\u003c1.2.7",
      "RoundCube Webmail 1.3.*\uff0c\u003c1.3.3"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-16651",
  "serverity": "\u4e2d",
  "submitTime": "2017-11-10",
  "title": "Roundcube Webmail\u4efb\u610f\u6587\u4ef6\u8bbf\u95ee\u6f0f\u6d1e"
}

FKIE_CVE-2017-16651

Vulnerability from fkie_nvd - Published: 2017-11-09 14:29 - Updated: 2025-10-22 00:16

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cve@mitre.org	http://packetstormsecurity.com/files/161226/Roundcube-Webmail-1.2-File-Disclosure.html	Exploit, Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securityfocus.com/bid/101793	Third Party Advisory, VDB Entry
cve@mitre.org	https://github.com/roundcube/roundcubemail/issues/6026	Issue Tracking, Patch, Third Party Advisory
cve@mitre.org	https://github.com/roundcube/roundcubemail/releases/tag/1.1.10	Issue Tracking, Release Notes, Third Party Advisory
cve@mitre.org	https://github.com/roundcube/roundcubemail/releases/tag/1.2.7	Issue Tracking, Release Notes, Third Party Advisory
cve@mitre.org	https://github.com/roundcube/roundcubemail/releases/tag/1.3.3	Issue Tracking, Release Notes, Third Party Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2017/11/msg00039.html	Mailing List, Third Party Advisory
cve@mitre.org	https://roundcube.net/news/2017/11/08/security-updates-1.3.3-1.2.7-and-1.1.10	Issue Tracking, Vendor Advisory
cve@mitre.org	https://www.debian.org/security/2017/dsa-4030	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/161226/Roundcube-Webmail-1.2-File-Disclosure.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/101793	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://github.com/roundcube/roundcubemail/issues/6026	Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/roundcube/roundcubemail/releases/tag/1.1.10	Issue Tracking, Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/roundcube/roundcubemail/releases/tag/1.2.7	Issue Tracking, Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/roundcube/roundcubemail/releases/tag/1.3.3	Issue Tracking, Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2017/11/msg00039.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://roundcube.net/news/2017/11/08/security-updates-1.3.3-1.2.7-and-1.1.10	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2017/dsa-4030	Issue Tracking, Third Party Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-16651

Impacted products

Vendor	Product	Version
roundcube	webmail	*
roundcube	webmail	1.2.0
roundcube	webmail	1.2.1
roundcube	webmail	1.2.2
roundcube	webmail	1.2.3
roundcube	webmail	1.2.4
roundcube	webmail	1.2.5
roundcube	webmail	1.2.6
roundcube	webmail	1.3.0
roundcube	webmail	1.3.1
roundcube	webmail	1.3.2
debian	debian_linux	7.0
debian	debian_linux	9.0

JSON

To clipboard

{
  "cisaActionDue": "2022-05-03",
  "cisaExploitAdd": "2021-11-03",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "Roundcube Webmail File Disclosure Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F9E6CBE-8E6F-4BE0-8DBD-521527119EBF",
              "versionEndIncluding": "1.1.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roundcube:webmail:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6556D4DF-FFF9-4EE0-91EA-84314D7CF071",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roundcube:webmail:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "98A43C92-1266-47DB-B3D9-A12CFE271EEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roundcube:webmail:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEFDA8E6-5BD6-4A20-8B67-C9597B67DABA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roundcube:webmail:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DB074D9-E258-471F-9FF7-CABE43E763DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roundcube:webmail:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD2B08B4-5484-440C-AB40-CAAB41508920",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roundcube:webmail:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "23D7F18F-FFA7-4D10-B1F6-1499D6F8DB72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roundcube:webmail:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C112540F-4CCC-48A9-A30D-D5E808151D43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roundcube:webmail:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4913F9D6-868C-4AB3-A4CC-03257A417573",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roundcube:webmail:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "975DDE40-CE7F-4425-B2F0-523D36894010",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roundcube:webmail:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4FBA242-E194-49DE-A740-7216BBFE2039",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host\u0027s filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at the target system with a valid username/password as the attack requires an active session. The issue is related to file-based attachment plugins and _task=settings\u0026_action=upload-display\u0026_from=timezone requests."
    },
    {
      "lang": "es",
      "value": "Roundcube Webmail, en versiones anteriores a la 1.1.10, versiones 1.2.x anteriores a la 1.2.7 y y versiones 1.3.x anteriores a la 1.3.3, permite el acceso no autorizado a archivos arbitrarios en el sistema de archivos del host, incluyendo archivos de configuraci\u00f3n, tal y como se explot\u00f3 en Noviembre 2017 pero sin publicar ninguna prueba de concepto oficial. El atacante debe ser capaz de autenticarse en el sistema objetivo con un nombre de usuario y una contrase\u00f1a v\u00e1lidos, ya que el ataque necesita una sesi\u00f3n activa. El problema est\u00e1 relacionado con los plugins para adjuntar archivos y las peticiones _task=settings_action=upload-display_from=timezone."
    }
  ],
  "id": "CVE-2017-16651",
  "lastModified": "2025-10-22T00:16:05.177",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2017-11-09T14:29:00.267",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/161226/Roundcube-Webmail-1.2-File-Disclosure.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/101793"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/roundcube/roundcubemail/issues/6026"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.1.10"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.2.7"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.3.3"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00039.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://roundcube.net/news/2017/11/08/security-updates-1.3.3-1.2.7-and-1.1.10"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4030"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/161226/Roundcube-Webmail-1.2-File-Disclosure.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/101793"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/roundcube/roundcubemail/issues/6026"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.1.10"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.2.7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.3.3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00039.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://roundcube.net/news/2017/11/08/security-updates-1.3.3-1.2.7-and-1.1.10"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4030"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-16651"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-552"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-552"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

OPENSUSE-SU-2024:11303-1

Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

Summary

roundcubemail-1.4.11-1.3 on GA media

Notes

Title of the patch

roundcubemail-1.4.11-1.3 on GA media

Description of the patch

These are all security issues fixed in the roundcubemail-1.4.11-1.3 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2024-11303

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "roundcubemail-1.4.11-1.3 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the roundcubemail-1.4.11-1.3 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-11303",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11303-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-16651 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-16651/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-6820 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-6820/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-8114 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-8114/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-9846 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-9846/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-10740 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-10740/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-12641 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-12641/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-16145 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-16145/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-35730 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-35730/"
      }
    ],
    "title": "roundcubemail-1.4.11-1.3 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:11303-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "roundcubemail-1.4.11-1.3.aarch64",
                "product": {
                  "name": "roundcubemail-1.4.11-1.3.aarch64",
                  "product_id": "roundcubemail-1.4.11-1.3.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "roundcubemail-1.4.11-1.3.ppc64le",
                "product": {
                  "name": "roundcubemail-1.4.11-1.3.ppc64le",
                  "product_id": "roundcubemail-1.4.11-1.3.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "roundcubemail-1.4.11-1.3.s390x",
                "product": {
                  "name": "roundcubemail-1.4.11-1.3.s390x",
                  "product_id": "roundcubemail-1.4.11-1.3.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "roundcubemail-1.4.11-1.3.x86_64",
                "product": {
                  "name": "roundcubemail-1.4.11-1.3.x86_64",
                  "product_id": "roundcubemail-1.4.11-1.3.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "roundcubemail-1.4.11-1.3.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.aarch64"
        },
        "product_reference": "roundcubemail-1.4.11-1.3.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "roundcubemail-1.4.11-1.3.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.ppc64le"
        },
        "product_reference": "roundcubemail-1.4.11-1.3.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "roundcubemail-1.4.11-1.3.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.s390x"
        },
        "product_reference": "roundcubemail-1.4.11-1.3.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "roundcubemail-1.4.11-1.3.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.x86_64"
        },
        "product_reference": "roundcubemail-1.4.11-1.3.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-16651",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-16651"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host\u0027s filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at the target system with a valid username/password as the attack requires an active session. The issue is related to file-based attachment plugins and _task=settings\u0026_action=upload-display\u0026_from=timezone requests.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.aarch64",
          "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.ppc64le",
          "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.s390x",
          "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-16651",
          "url": "https://www.suse.com/security/cve/CVE-2017-16651"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1067574 for CVE-2017-16651",
          "url": "https://bugzilla.suse.com/1067574"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.aarch64",
            "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.ppc64le",
            "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.s390x",
            "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.aarch64",
            "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.ppc64le",
            "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.s390x",
            "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-16651"
    },
    {
      "cve": "CVE-2017-6820",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-6820"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "rcube_utils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is susceptible to a cross-site scripting vulnerability via a crafted Cascading Style Sheets (CSS) token sequence within an SVG element.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.aarch64",
          "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.ppc64le",
          "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.s390x",
          "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-6820",
          "url": "https://www.suse.com/security/cve/CVE-2017-6820"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1029035 for CVE-2017-6820",
          "url": "https://bugzilla.suse.com/1029035"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.aarch64",
            "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.ppc64le",
            "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.s390x",
            "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.aarch64",
            "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.ppc64le",
            "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.s390x",
            "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-6820"
    },
    {
      "cve": "CVE-2017-8114",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-8114"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Roundcube Webmail allows arbitrary password resets by authenticated users. This affects versions before 1.0.11, 1.1.x before 1.1.9, and 1.2.x before 1.2.5. The problem is caused by an improperly restricted exec call in the virtualmin and sasl drivers of the password plugin.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.aarch64",
          "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.ppc64le",
          "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.s390x",
          "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-8114",
          "url": "https://www.suse.com/security/cve/CVE-2017-8114"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1036955 for CVE-2017-8114",
          "url": "https://bugzilla.suse.com/1036955"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.aarch64",
            "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.ppc64le",
            "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.s390x",
            "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.aarch64",
            "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.ppc64le",
            "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.s390x",
            "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-8114"
    },
    {
      "cve": "CVE-2018-9846",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-9846"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin enabled and configured, it\u0027s possible to exploit the unsanitized, user-controlled \"_uid\" parameter (in an archive.php _task=mail\u0026_mbox=INBOX\u0026_action=plugin.move2archive request) to perform an MX (IMAP) injection attack by placing an IMAP command after a %0d%0a sequence. NOTE: this is less easily exploitable in 1.3.4 and later because of a Same Origin Policy protection mechanism.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.aarch64",
          "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.ppc64le",
          "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.s390x",
          "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-9846",
          "url": "https://www.suse.com/security/cve/CVE-2018-9846"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1089461 for CVE-2018-9846",
          "url": "https://bugzilla.suse.com/1089461"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.aarch64",
            "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.ppc64le",
            "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.s390x",
            "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.aarch64",
            "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.ppc64le",
            "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.s390x",
            "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-9846"
    },
    {
      "cve": "CVE-2019-10740",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-10740"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.aarch64",
          "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.ppc64le",
          "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.s390x",
          "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-10740",
          "url": "https://www.suse.com/security/cve/CVE-2019-10740"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1131801 for CVE-2019-10740",
          "url": "https://bugzilla.suse.com/1131801"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1175135 for CVE-2019-10740",
          "url": "https://bugzilla.suse.com/1175135"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.aarch64",
            "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.ppc64le",
            "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.s390x",
            "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.aarch64",
            "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.ppc64le",
            "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.s390x",
            "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-10740"
    },
    {
      "cve": "CVE-2020-12641",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-12641"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.aarch64",
          "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.ppc64le",
          "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.s390x",
          "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-12641",
          "url": "https://www.suse.com/security/cve/CVE-2020-12641"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1171148 for CVE-2020-12641",
          "url": "https://bugzilla.suse.com/1171148"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1175135 for CVE-2020-12641",
          "url": "https://bugzilla.suse.com/1175135"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1226069 for CVE-2020-12641",
          "url": "https://bugzilla.suse.com/1226069"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.aarch64",
            "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.ppc64le",
            "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.s390x",
            "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.aarch64",
            "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.ppc64le",
            "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.s390x",
            "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2020-12641"
    },
    {
      "cve": "CVE-2020-16145",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-16145"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. This issue has been fixed in 1.4.8 and 1.3.15.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.aarch64",
          "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.ppc64le",
          "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.s390x",
          "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-16145",
          "url": "https://www.suse.com/security/cve/CVE-2020-16145"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1175135 for CVE-2020-16145",
          "url": "https://bugzilla.suse.com/1175135"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.aarch64",
            "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.ppc64le",
            "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.s390x",
            "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.aarch64",
            "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.ppc64le",
            "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.s390x",
            "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-16145"
    },
    {
      "cve": "CVE-2020-35730",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-35730"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. The attacker can send a plain text e-mail message, with JavaScript in a link reference element that is mishandled by linkref_addindex in rcube_string_replacer.php.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.aarch64",
          "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.ppc64le",
          "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.s390x",
          "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-35730",
          "url": "https://www.suse.com/security/cve/CVE-2020-35730"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1180399 for CVE-2020-35730",
          "url": "https://bugzilla.suse.com/1180399"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.aarch64",
            "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.ppc64le",
            "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.s390x",
            "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.aarch64",
            "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.ppc64le",
            "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.s390x",
            "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-35730"
    }
  ]
}

GHSA-6R67-R3JM-88P4

Vulnerability from github – Published: 2022-05-13 01:11 – Updated: 2025-10-22 00:31

Details

Severity ?

7.8 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-16651"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-11-09T14:29:00Z",
    "severity": "HIGH"
  },
  "details": "Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host\u0027s filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at the target system with a valid username/password as the attack requires an active session. The issue is related to file-based attachment plugins and _task=settings\u0026_action=upload-display\u0026_from=timezone requests.",
  "id": "GHSA-6r67-r3jm-88p4",
  "modified": "2025-10-22T00:31:29Z",
  "published": "2022-05-13T01:11:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16651"
    },
    {
      "type": "WEB",
      "url": "https://github.com/roundcube/roundcubemail/issues/6026"
    },
    {
      "type": "WEB",
      "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.1.10"
    },
    {
      "type": "WEB",
      "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.2.7"
    },
    {
      "type": "WEB",
      "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.3.3"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00039.html"
    },
    {
      "type": "WEB",
      "url": "https://roundcube.net/news/2017/11/08/security-updates-1.3.3-1.2.7-and-1.1.10"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-16651"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2017/dsa-4030"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/161226/Roundcube-Webmail-1.2-File-Disclosure.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/101793"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2017-16651

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-16651

Aliases

CVE-2017-16651

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-16651",
    "description": "Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host\u0027s filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at the target system with a valid username/password as the attack requires an active session. The issue is related to file-based attachment plugins and _task=settings\u0026_action=upload-display\u0026_from=timezone requests.",
    "id": "GSD-2017-16651",
    "references": [
      "https://www.suse.com/security/cve/CVE-2017-16651.html",
      "https://www.debian.org/security/2017/dsa-4030",
      "https://advisories.mageia.org/CVE-2017-16651.html",
      "https://security.archlinux.org/CVE-2017-16651",
      "https://packetstormsecurity.com/files/cve/CVE-2017-16651"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-16651"
      ],
      "details": "Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host\u0027s filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at the target system with a valid username/password as the attack requires an active session. The issue is related to file-based attachment plugins and _task=settings\u0026_action=upload-display\u0026_from=timezone requests.",
      "id": "GSD-2017-16651",
      "modified": "2023-12-13T01:21:01.190031Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cisa.gov": {
      "cveID": "CVE-2017-16651",
      "dateAdded": "2021-11-03",
      "dueDate": "2022-05-03",
      "product": "Roundcube Webmail",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Allows unauthorized access to arbitrary files on the host\u0027s filesystem, including configuration files. The issue is related to file-based attachment plugins and _task=settings\u0026_action=upload-display\u0026_from=timezone requests.",
      "vendorProject": "Roundcube",
      "vulnerabilityName": "Roundcube Webmail File Disclosure Vulnerability"
    },
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2017-16651",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host\u0027s filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at the target system with a valid username/password as the attack requires an active session. The issue is related to file-based attachment plugins and _task=settings\u0026_action=upload-display\u0026_from=timezone requests."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/roundcube/roundcubemail/releases/tag/1.3.3",
            "refsource": "CONFIRM",
            "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.3.3"
          },
          {
            "name": "https://roundcube.net/news/2017/11/08/security-updates-1.3.3-1.2.7-and-1.1.10",
            "refsource": "CONFIRM",
            "url": "https://roundcube.net/news/2017/11/08/security-updates-1.3.3-1.2.7-and-1.1.10"
          },
          {
            "name": "[debian-lts-announce] 20171128 [SECURITY] [DLA 1193-1] roundcube security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00039.html"
          },
          {
            "name": "https://github.com/roundcube/roundcubemail/releases/tag/1.1.10",
            "refsource": "CONFIRM",
            "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.1.10"
          },
          {
            "name": "101793",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/101793"
          },
          {
            "name": "https://github.com/roundcube/roundcubemail/releases/tag/1.2.7",
            "refsource": "CONFIRM",
            "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.2.7"
          },
          {
            "name": "DSA-4030",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2017/dsa-4030"
          },
          {
            "name": "https://github.com/roundcube/roundcubemail/issues/6026",
            "refsource": "CONFIRM",
            "url": "https://github.com/roundcube/roundcubemail/issues/6026"
          },
          {
            "name": "http://packetstormsecurity.com/files/161226/Roundcube-Webmail-1.2-File-Disclosure.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/161226/Roundcube-Webmail-1.2-File-Disclosure.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:roundcube:webmail:1.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:roundcube:webmail:1.2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.1.9",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:roundcube:webmail:1.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:roundcube:webmail:1.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:roundcube:webmail:1.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:roundcube:webmail:1.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:roundcube:webmail:1.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:roundcube:webmail:1.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:roundcube:webmail:1.2.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:roundcube:webmail:1.2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-16651"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host\u0027s filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at the target system with a valid username/password as the attack requires an active session. The issue is related to file-based attachment plugins and _task=settings\u0026_action=upload-display\u0026_from=timezone requests."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-552"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://roundcube.net/news/2017/11/08/security-updates-1.3.3-1.2.7-and-1.1.10",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Vendor Advisory"
              ],
              "url": "https://roundcube.net/news/2017/11/08/security-updates-1.3.3-1.2.7-and-1.1.10"
            },
            {
              "name": "https://github.com/roundcube/roundcubemail/releases/tag/1.3.3",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Release Notes",
                "Third Party Advisory"
              ],
              "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.3.3"
            },
            {
              "name": "https://github.com/roundcube/roundcubemail/releases/tag/1.2.7",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Release Notes",
                "Third Party Advisory"
              ],
              "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.2.7"
            },
            {
              "name": "https://github.com/roundcube/roundcubemail/releases/tag/1.1.10",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Release Notes",
                "Third Party Advisory"
              ],
              "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.1.10"
            },
            {
              "name": "https://github.com/roundcube/roundcubemail/issues/6026",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/roundcube/roundcubemail/issues/6026"
            },
            {
              "name": "DSA-4030",
              "refsource": "DEBIAN",
              "tags": [
                "Issue Tracking",
                "Third Party Advisory"
              ],
              "url": "https://www.debian.org/security/2017/dsa-4030"
            },
            {
              "name": "101793",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/101793"
            },
            {
              "name": "[debian-lts-announce] 20171128 [SECURITY] [DLA 1193-1] roundcube security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00039.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/161226/Roundcube-Webmail-1.2-File-Disclosure.html",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://packetstormsecurity.com/files/161226/Roundcube-Webmail-1.2-File-Disclosure.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2021-03-04T21:08Z",
      "publishedDate": "2017-11-09T14:29Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-16651 (GCVE-0-2017-16651)

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

CNVD-2017-36359

FKIE_CVE-2017-16651

OPENSUSE-SU-2024:11303-1

GHSA-6R67-R3JM-88P4

GSD-2017-16651

Tags

Sightings

Nomenclature