CVE-2018-19205
HIGH
Roundcube Webmail < 1.3.7 - Exposure of Sensitive Information via GnuPG MDC Integrity-Protection Mishandling
Title source: llm
Description
Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection warnings, which makes it easier for attackers to obtain sensitive information, a related issue to CVE-2017-17688. This is associated with plugins/enigma/lib/enigma_driver_gnupg.php.
References (2)
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://roundcube.net/news/2018/07/27/update-1.3.7-released
Release Notes x_refsource_misc
https://github.com/roundcube/roundcubemail/releases/tag/1.3.7
Scores
CVSS v3
7.5
EPSS
0.0160
EPSS Percentile
72.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
roundcube/webmail
< 1.3.7
Published
Nov 12, 2018
Tracked Since
Feb 18, 2026