CVE-2018-1000071

roundcube version 1.3.4 and earlier contains an Insecure Permissions vulnerability in enigma plugin that can result in exfiltration of gpg private key. This attack appear to be exploitable via network connectivity.
Configurations

Configuration 1 (hide)

cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*

History

21 Nov 2024, 03:39

Type Values Removed Values Added
References () https://github.com/roundcube/roundcubemail/issues/6173 - Third Party Advisory () https://github.com/roundcube/roundcubemail/issues/6173 - Third Party Advisory
References () https://www.legacysecuritygroup.com/cve/references/02122018-roundcube-enigma.txt - Exploit, Third Party Advisory () https://www.legacysecuritygroup.com/cve/references/02122018-roundcube-enigma.txt - Exploit, Third Party Advisory

Information

Published : 2018-03-13 15:29

Updated : 2024-11-21 03:39


NVD link : CVE-2018-1000071

Mitre link : CVE-2018-1000071

CVE.ORG link : CVE-2018-1000071


JSON object : View

Products Affected

roundcube

  • webmail
CWE
CWE-732

Incorrect Permission Assignment for Critical Resource