CVE-2018-1000071

roundcube version 1.3.4 and earlier contains an Insecure Permissions vulnerability in enigma plugin that can result in exfiltration of gpg private key. This attack appear to be exploitable via network connectivity.
Configurations

Configuration 1 (hide)

cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-03-13 15:29

Updated : 2024-02-04 19:46


NVD link : CVE-2018-1000071

Mitre link : CVE-2018-1000071

CVE.ORG link : CVE-2018-1000071


JSON object : View

Products Affected

roundcube

  • webmail
CWE
CWE-732

Incorrect Permission Assignment for Critical Resource