CVE-2015-5383

HIGH

Roundcube Webmail <1.1.2 - Info Disclosure

Title source: llm
STIX 2.1

Description

Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to obtain sensitive information by reading files in the (1) config, (2) temp, or (3) logs directory.

References (4)

Core 4
Core References
Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/07/07/2
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://github.com/roundcube/roundcubemail/issues/4816

Scores

CVSS v3 7.5
EPSS 0.0377
EPSS Percentile 88.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (2)
roundcube/roundcube_webmail 1.1.1
roundcube/webmail 1.1 (3 CPE variants)
Published May 23, 2017
Tracked Since Feb 18, 2026