CVE-2018-19205 — Sensitive Information Exposure in Webmail

CWE-200 — Sensitive Information Exposure7 documents6 sources

Severity

7.5HIGHNVD

CNA5.9OSV6.1OSV5.9

EPSS

0.3%

top 44.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Roundcube Webmail Roundcube Webmail

Timeline

PublishedNov 12

Latest updateMar 30

Description

Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection warnings, which makes it easier for attackers to obtain sensitive information, a related issue to CVE-2017-17688. This is associated with plugins/enigma/lib/enigma_driver_gnupg.php.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDroundcube/webmail< 1.3.7

▶Ubunturoundcube/roundcube_webmail< 1.2~beta+dfsg.1-0ubuntu1+esm7+1

🔴Vulnerability Details

OSV

roundcube vulnerabilities↗2026-03-30

▶

GHSA

GHSA-mf49-p66v-cw5m: Roundcube before 1↗2022-05-13

▶

OSV

CVE-2018-19205: Roundcube before 1↗2018-11-12

▶

CVEList

CVE-2018-19205: Roundcube before 1↗2018-11-12

▶

📋Vendor Advisories

Ubuntu

Roundcube Webmail vulnerabilities↗2026-03-30

▶

Debian

CVE-2018-19205: roundcube - Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection warnings, which...↗2018

▶