CVE-2018-19205
published 2018-11-12

Priority: P337, high, 7.5 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 1.60% (72.8th percentile)

Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection warnings, which makes it easier for attackers to obtain sensitive information, a related issue to CVE-2017-17688. This is associated with plugins/enigma/lib/enigma_driver_gnupg.php.

Affected

4 ranges
| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| debian | roundcube | < roundcube 1.3.8+dfsg.1-1 (bookworm) | roundcube 1.3.8+dfsg.1-1 (bookworm) |
| roundcube | roundcube_webmail | >= 0 < 1.2~beta+dfsg.1-0ubuntu1+esm7 | 1.2~beta+dfsg.1-0ubuntu1+esm7 |
| roundcube | roundcube_webmail | >= 0 < 1.3.6+dfsg.1-1ubuntu0.1~esm7 | 1.3.6+dfsg.1-1ubuntu0.1~esm7 |
| roundcube | webmail | < 1.3.7 | 1.3.7 |

CVSS provenance

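| Source | Version | Score | Severity | Vector |
| --- | --- | --- | --- | --- |
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| osv | | 6.1 | MEDIUM | |
| vendor_ubuntu | | 6.1 | MEDIUM | |
| vendor_debian | | 5.9 | MEDIUM | |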