CVE-2018-19205

HIGH

Roundcube Webmail < 1.3.7 - Exposure of Sensitive Information via GnuPG MDC Integrity-Protection Mishandling

Title source: llm
STIX 2.1

Description

Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection warnings, which makes it easier for attackers to obtain sensitive information, a related issue to CVE-2017-17688. This is associated with plugins/enigma/lib/enigma_driver_gnupg.php.

References (2)

Core 2
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://roundcube.net/news/2018/07/27/update-1.3.7-released

Scores

CVSS v3 7.5
EPSS 0.0160
EPSS Percentile 72.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (1)
roundcube/webmail < 1.3.7
Published Nov 12, 2018
Tracked Since Feb 18, 2026