CVE-2017-8114 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2017-8114 Interim 1 10 2025-04-22T23:44:11Z current 2021-05-30T13:55:58Z 2025-04-22T23:44:11Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2017-8114 Roundcube Webmail allows arbitrary password resets by authenticated users. This affects versions before 1.0.11, 1.1.x before 1.1.9, and 1.2.x before 1.2.5. The problem is caused by an improperly restricted exec call in the virtualmin and sasl drivers of the password plugin. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Tumbleweed roundcubemail-1.4.11-1.3 roundcubemail-1.4.11-1.3 as a component of openSUSE Tumbleweed Roundcube Webmail allows arbitrary password resets by authenticated users. This affects versions before 1.0.11, 1.1.x before 1.1.9, and 1.2.x before 1.2.5. The problem is caused by an improperly restricted exec call in the virtualmin and sasl drivers of the password plugin. CVE-2017-8114 openSUSE Tumbleweed:roundcubemail-1.4.11-1.3 important 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H