Description

roundcube version 1.3.4 and earlier contains an Insecure Permissions vulnerability in enigma plugin that can result in exfiltration of gpg private key. This attack appear to be exploitable via network connectivity.

Remediation

References

CVE-2018-1000071

Related Vulnerabilities

MediaWiki Insufficiently Protected Credentials Vulnerability (CVE-2020-35623)

MySQL CVE-2018-2776 Vulnerability (CVE-2018-2776)

WordPress Plugin Livefyre Comments 3 Cross-Site Scripting (4.1.4)

OpenSSL Cryptographic Issues Vulnerability (CVE-2011-1945)

WordPress Plugin IMPress Listings Cross-Site Scripting (2.0.1)

Severity

High

Classification

CVE-2018-1000071 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities