Roundcube Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-19205)

Description

Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection warnings, which makes it easier for attackers to obtain sensitive information, a related issue to CVE-2017-17688. This is associated with plugins/enigma/lib/enigma_driver_gnupg.php.

Remediation

References

CVE-2018-19205

Related Vulnerabilities

Rukovoditel Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-30224)

phpMyAdmin Improper Input Validation Vulnerability (CVE-2016-6630)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-4284)

WordPress Plugin Post Form-Registration Form-Profile Form for User Profiles and Content Forms for User Submissions Security Bypass (2.3.2)

WordPress Plugin Slideshow Gallery LITE Multiple Unspecified Vulnerabilities (1.5.3.3)

Severity

High

Classification

CVE-2018-19205 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N