SB2017110908 - Information disclosure in roundcubemail (Alpine package)
Published: November 9, 2017 Updated: September 6, 2023
Security Bulletin ID
SB2017110908
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Information disclosure (CVE-ID: CVE-2017-16651)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Green
The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information on the target system.
The weakness exists due to insufficient validation of file-based attachment plugins and _task=settings&_action=upload-display&_from=timezone requests. A remote attacker can modify the login form and submit it with valid credentials (username/password) of an email account, send a specially crafted HTTP request and gain unauthorized access to arbitrary files on the host's filesystem, including configuration files of Roundcube.
Note: the vulnerability is being actively exploited.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=3ea1ba410055c5a252cdb3464fd2ae8480de61f4
- https://git.alpinelinux.org/aports/commit/?id=9be8149c02b93793812f65f8f61f549b07d7fd58
- https://git.alpinelinux.org/aports/commit/?id=30717c64a46cb821a2188235da2f567b2a9711e9
- https://git.alpinelinux.org/aports/commit/?id=59fc0fee613036d25668302ec9e4a9316ffbc689
- https://git.alpinelinux.org/aports/commit/?id=31744c33b30de88e279ac6b928fe2c75636cbef8
- https://git.alpinelinux.org/aports/commit/?id=1918ef560875cbc1da5732cad1e14d40c42b0630
- https://git.alpinelinux.org/aports/commit/?id=d4a7451cef0309fc3ac8eeeb32cbdae4bf81fb17