PT-2019-12017 · Roundcube+3 · Roundcube Webmail+3

Jensvoid

Publicado

2019-04-07

Atualizado

2026-03-30

CVE-2019-10740

CVSS v3.1

4.3

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions Roundcube Webmail versions prior to 1.3.10

Description The issue allows an attacker with S/MIME or PGP encrypted emails to craft a multipart email, hiding the encrypted parts using HTML/CSS or ASCII newline characters. When the receiver replies to this email, they may unknowingly leak the plaintext of the encrypted message parts back to the attacker.

Recommendations For versions prior to 1.3.10, update to version 1.3.10 or later to resolve the issue.

Exploit

Correção

Cleartext Transmission of Sensitive Information

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-319

Identificadores relacionados

ALT-PU-2019-2818

ALT-PU-2019-2946

CVE-2019-10740

OPENSUSE-SU-2020:1516-1

OPENSUSE-SU-2020_1516-1

OPENSUSE-SU-2022:10148-1

OPENSUSE-SU-2024:11303-1

USN-8132-1

Produtos afetados

Alt Linux

Roundcube Webmail

Suse

Ubuntu

PT-2019-12017 · Roundcube+3 · Roundcube Webmail+3

CVE-2019-10740

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 52