Vulnerability CVE-2018-1000071

Vulnerability CVE-2018-1000071

Published: 2018-03-13

Description:

roundcube version 1.3.4 and earlier contains an Insecure Permissions vulnerability in enigma plugin that can result in exfiltration of gpg private key. This attack appear to be exploitable via network connectivity.

Type:

CWE-732

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score	Impact Subscore	Exploitability Subscore
5/10	2.9/10	10/10

Exploit range	Attack complexity	Authentication
Remote	Low	No required
Confidentiality impact	Integrity impact	Availability impact
Partial	None	None

Affected software
Roundcube -> Webmail

References:

https://github.com/roundcube/roundcubemail/issues/6173

https://www.legacysecuritygroup.com/cve/references/02122018-roundcube-enigma.txt

Copyright 2024, cxsecurity.com