PT-2018-9257 · Roundcube+2
Published: 2018-03-13 · Updated: 2026-03-30
CVE-2018-1000071
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
Roundcube versions 1.3.4 and earlier
Description:
Insecure permissions in the enigma plugin can lead to exfiltration of the GPG private key. The issue is exploitable over the network.
Recommendations:
For Roundcube versions 1.3.4 and earlier, consider disabling the enigma plugin as a temporary workaround until a patch is available. Restrict access to the enigma plugin to minimize the risk of exploitation. Avoid using the enigma plugin over the network until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Incorrect Permission
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Roundcube
Ubuntu