CVE-2005-4368 — Sensitive Information Exposure in Roundcube

CWE-200 — Sensitive Information Exposure9 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

0.3%

top 42.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Roundcube

Timeline

PublishedDec 20

Latest updateMay 1

Description

roundcube webmail Alpha, with a default high verbose level ($rcmail_config['debug_level'] = 1), allows remote attackers to obtain the full path of the application via an invalid_task parameter, which leaks the path in an error message.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶debiandebian/roundcube

🔴Vulnerability Details

GHSA

GHSA-qw7j-7w7w-cprp: roundcube webmail Alpha, with a default high verbose level ($rcmail_config['debug_level'] = 1), allows remote attackers to obtain the full path of the↗2022-05-01

▶

📋Vendor Advisories

Debian

CVE-2005-4368: roundcube - roundcube webmail Alpha, with a default high verbose level ($rcmail_config['debu...↗2005

▶

Citrix

Citrix Security Bulletin CTX107705↗

▶

Citrix

Citrix Security Bulletin CTX105574↗

▶

Citrix

Citrix Security Bulletin CTX105762↗

▶

Citrix

Citrix Security Bulletin CTX108208↗

▶