ALT-PU-2018-1778-1
Closed vulnerabilities
Published: 2018-03-13
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2018-1000071
roundcube version 1.3.4 and earlier contains an Insecure Permissions vulnerability in enigma plugin that can result in exfiltration of gpg private key. This attack appear to be exploitable via network connectivity.
Severity: HIGH (7.5)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
References:
Published: 2018-04-08
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2018-9846
In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin enabled and configured, it's possible to exploit the unsanitized, user-controlled "_uid" parameter (in an archive.php _task=mail&_mbox=INBOX&_action=plugin.move2archive request) to perform an MX (IMAP) injection attack by placing an IMAP command after a %0d%0a sequence. NOTE: this is less easily exploitable in 1.3.4 and later because of a Same Origin Policy protection mechanism.
Severity: HIGH (8.8)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
- https://github.com/roundcube/roundcubemail/issues/6229
- https://github.com/roundcube/roundcubemail/issues/6229
- https://github.com/roundcube/roundcubemail/issues/6238
- https://github.com/roundcube/roundcubemail/issues/6238
- https://medium.com/%40ndrbasi/cve-2018-9846-roundcube-303097048b0a
- https://medium.com/%40ndrbasi/cve-2018-9846-roundcube-303097048b0a
- DSA-4181
- DSA-4181