返回 CVE 浏览器

CVE-2018-1000071

HIGH

7.5

CVSS Severity Score

EPSS Score0.1030%

EPSS Percentile43.01th

Published2018年3月13日

Last Modified2024年11月21日

Vulnerability Description

roundcube version 1.3.4 and earlier contains an Insecure Permissions vulnerability in enigma plugin that can result in exfiltration of gpg private key. This attack appear to be exploitable via network connectivity.

Affected Platforms (CPE)

📦

Roundcube

Webmail

<= 1.3.4

References & Advisories

🔗 https://github.com/roundcube/roundcubemail/issues/6173

🔗 https://www.legacysecuritygroup.com/cve/references/02122018-roundcube-enigma.txt

🔗 https://github.com/roundcube/roundcubemail/issues/6173

🔗 https://www.legacysecuritygroup.com/cve/references/02122018-roundcube-enigma.txt

相关漏洞威胁

CVE-2001-095310.0

Kebi WebMail allows remote attackers to access the administrator menu and gain privileges via the /a/ hidden directory, which is i...

CVE-2003-120210.0

The checklogin function in omail.pl for omail webmail 0.98.4 and earlier allows remote attackers to execute arbitrary commands via...

CVE-2001-002110.0

MailMan Webmail 3.0.25 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the alternate...

CVE-2003-119210.0

Stack-based buffer overflow in IA WebMail Server 3.1.0 allows remote attackers to execute arbitrary code via a long GET request.