AVG-506

Package roundcubemail
Status Fixed
Severity High
Type arbitrary filesystem access
Affected 1.3.2-1
Fixed 1.3.3-1
Current 1.3.8-1 [community]
Ticket None
Created Sun Nov 19 15:02:53 2017
Issue Severity Remote Type Description
CVE-2017-16651 High Yes Arbitrary filesystem access
Roundcube Webmail 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem, including configuration files, as exploited in...
Date Advisory Package Description
21 Nov 2017 ASA-201711-27 roundcubemail arbitrary filesystem access
References
https://github.com/roundcube/roundcubemail/commit/c90ad5a97784fb32683b8e3c21d6c95baab6d806
https://github.com/roundcube/roundcubemail/issues/6026
https://roundcube.net/news/2017/11/08/security-updates-1.3.3-1.2.7-and-1.1.10