CVE-2018-19205
published 2018-11-12
Priority P3 · 37 · high · 7.5 CVSS 3.0
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 1.60% (72.8th percentile)
Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection warnings, which makes it easier for attackers to obtain sensitive information, a related issue to CVE-2017-17688. This is associated with plugins/enigma/lib/enigma_driver_gnupg.php.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | roundcube | < roundcube 1.3.8+dfsg.1-1 (bookworm) | roundcube 1.3.8+dfsg.1-1 (bookworm) |
| roundcube | roundcube_webmail | >= 0 < 1.2~beta+dfsg.1-0ubuntu1+esm7 | 1.2~beta+dfsg.1-0ubuntu1+esm7 |
| roundcube | roundcube_webmail | >= 0 < 1.3.6+dfsg.1-1ubuntu0.1~esm7 | 1.3.6+dfsg.1-1ubuntu0.1~esm7 |
| roundcube | webmail | < 1.3.7 | 1.3.7 |
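CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| osv | | 6.1 | MEDIUM | |
| vendor_ubuntu | | 6.1 | MEDIUM | |
| vendor_debian | | 5.9 | MEDIUM | |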
OSV
roundcube vulnerabilities
osv·2026-03-30·CVSS 6.1
CVE-2016-4068 [MEDIUM] roundcube vulnerabilities
It was discovered that Roundcube Webmail did not properly sanitize
certain HTML elements within the e-mail body. An attacker could possibly
use this issue to cause a cross-site scripting attack. This issue was only
addressed in Ubuntu 16.04 LTS. (CVE-2016-4068, CVE-2016-4069)
It was discovered that Roundcube Webmail did not properly handle certain
configuration parameters. An attacker could possibly use this issue to
execute arbitrary code. This issue was only addressed in Ubuntu 16.04 LTS.
(CVE-2016-9920)
It was discovered that Roundcube Webmail did not properly sanitize CSS styles
within SVG documents. An attacker could possibly use this issue to cause
a cross-site scripting attack. This issue was only addressed in Ubuntu 16.04 LTS.
(CVE-2017-6820)
It was di
GHSA
GHSA-mf49-p66v-cw5m: Roundcube before 1
ghsa_unreviewed·2022-05-13·CVSS 5.9
CVE-2018-19205 [MEDIUM] CWE-200 GHSA-mf49-p66v-cw5m: Roundcube before 1
Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection warnings, which makes it easier for attackers to obtain sensitive information, a related issue to CVE-2017-17688. This is associated with plugins/enigma/lib/enigma_driver_gnupg.php.
OSV
CVE-2018-19205: Roundcube before 1
osv·2018-11-12·CVSS 5.9
CVE-2018-19205 [MEDIUM] CVE-2018-19205: Roundcube before 1
Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection warnings, which makes it easier for attackers to obtain sensitive information, a related issue to CVE-2017-17688. This is associated with plugins/enigma/lib/enigma_driver_gnupg.php.
Ubuntu
Roundcube Webmail vulnerabilities
vendor_ubuntu·2026-03-30·CVSS 6.1
CVE-2018-19205 [MEDIUM] Roundcube Webmail vulnerabilities
Title: Roundcube Webmail vulnerabilities
Summary: Several security issues were fixed in Roundcube Webmail.
It was discovered that Roundcube Webmail did not properly sanitize
certain HTML elements within the e-mail body. An attacker could possibly
use this issue to cause a cross-site scripting attack. This issue was only
addressed in Ubuntu 16.04 LTS. (CVE-2016-4068, CVE-2016-4069)
It was discovered that Roundcube Webmail did not properly handle certain
configuration parameters. An attacker could possibly use this issue to
execute arbitrary code. This issue was only addressed in Ubuntu 16.04 LTS.
(CVE-2016-9920)
It was discovered that Roundcube Webmail did not properly sanitize CSS styles
within SVG documents. An attacker could possibly use this issue to cause
a cross-site scripting att
Debian
CVE-2018-19205: roundcube - Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection warnings, which...
vendor_debian·2018·CVSS 5.9
CVE-2018-19205 [MEDIUM] CVE-2018-19205: roundcube - Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection warnings, which...
Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection warnings, which makes it easier for attackers to obtain sensitive information, a related issue to CVE-2017-17688. This is associated with plugins/enigma/lib/enigma_driver_gnupg.php.
Scope: local
bookworm: resolved (fixed in 1.3.8+dfsg.1-1)
bullseye: resolved (fixed in 1.3.8+dfsg.1-1)
forky: resolved (fixed in 1.3.8+dfsg.1-1)
sid: resolved (fixed in 1.3.8+dfsg.1-1)
trixie: resolved (fixed in 1.3.8+dfsg.1-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2018-11-12