Description

roundcube version 1.3.4 and earlier contains an Insecure Permissions vulnerability in enigma plugin that can result in exfiltration of gpg private key. This attack appear to be exploitable via network connectivity.

Remediation

References

CVE-2018-1000071

Related Vulnerabilities

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-5610)

WordPress Plugin Content Copy Protection & Prevent Image Save Cross-Site Request Forgery (1.3)

Oracle Database Server CVE-2015-4755 Vulnerability (CVE-2015-4755)

ownCloud Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-9046)

WordPress Plugin WP SMS Cross-Site Scripting (5.4.12)

Severity

High

Classification

CVE-2018-1000071 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities