CVE-2018-19205

Name of the Vulnerable Software and Affected Versions Roundcube versions prior to 1.3.7

Description The issue makes it easier for attackers to obtain sensitive information by mishandling GnuPG MDC integrity-protection warnings. This is related to the handling of encryption and decryption processes, specifically in the context of plugins/enigma/lib/enigma driver gnupg.php.

Recommendations For versions prior to 1.3.7, update to version 1.3.7 or later to resolve the issue. As a temporary workaround, consider disabling the use of GnuPG MDC integrity-protection until a patch is applied. Restrict access to sensitive information to minimize the risk of exploitation.