CVE-2018-1000071Incorrect Permission Assignment in Webmail

CWE-732Incorrect Permission Assignment10 documents7 sources
Severity
7.5HIGHNVD
OSV6.1
EPSS
0.3%
top 47.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Roundcube WebmailRoundcube Webmail
Timeline
PublishedMar 13
Latest updateMar 30

Description

roundcube version 1.3.4 and earlier contains an Insecure Permissions vulnerability in enigma plugin that can result in exfiltration of gpg private key. This attack appear to be exploitable via network connectivity.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

Ubunturoundcube/roundcube_webmail< 1.2~beta+dfsg.1-0ubuntu1+esm7+1

🔴Vulnerability Details

4
OSV
roundcube vulnerabilities2026-03-30
GHSA
GHSA-5jgp-7xfp-x54p: roundcube version 12022-05-13
CVEList
CVE-2018-1000071: roundcube version 12018-03-13
OSV
CVE-2018-1000071: roundcube version 12018-03-13

📋Vendor Advisories

2
Ubuntu
Roundcube Webmail vulnerabilities2026-03-30
Debian
CVE-2018-1000071: roundcube - roundcube version 1.3.4 and earlier contains an Insecure Permissions vulnerabili...2018

💬Community

3
Bugzilla
CVE-2018-1000071 roundcubemail: Permissions issue in enigma plugin allows exfiltration secret gpg key file [epel-all]2018-02-26
Bugzilla
CVE-2018-1000071 roundcubemail: Permissions issue in enigma plugin allows exfiltration secret gpg key file [fedora-all]2018-02-26
Bugzilla
CVE-2018-1000071 roundcubemail: Permissions issue in enigma plugin allows exfiltration secret gpg key file2018-02-26
CVE-2018-1000071 — Incorrect Permission Assignment | cvebase