CVE-2018-1000072

Published: Mar 13, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

iRedMail version prior to commit f04b8ef contains a Insecure Permissions vulnerability in Roundcube Webmail that can result in Exfiltrate a user's password protected secret GPG key file and other important configuration files.. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in Beta: 0.9.8-BETA1, Stable: 0.9.7.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://legacysecuritygroup.com/cve/references/02122018-roundcube-enigma.txt

x_refsource_MISC

https://bitbucket.org/zhb/iredmail/issues/130/multiple-security-issues-with-default

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2018-1000072

Description

Affected Products

References