Description

roundcube version 1.3.4 and earlier contains an Insecure Permissions vulnerability in enigma plugin that can result in exfiltration of gpg private key. This attack appear to be exploitable via network connectivity.

Remediation

References

CVE-2018-1000071

Related Vulnerabilities

phpMyAdmin Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2012-5159)

WordPress Plugin WP Forum Multiple Security Vulnerbilities (1.7.8)

WordPress Plugin Multisite Global Search 'mssearch' Parameter Cross-Site Scripting (1.2.5)

Moodle Incorrect Authorization Vulnerability (CVE-2020-25701)

WordPress Plugin WP RSS Aggregator-News Feeds, Autoblogging, Youtube Video Feeds and More Multiple Unspecified Vulnerabilities (4.6.8)

Severity

High

Classification

CVE-2018-1000071 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities