CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS: 0.002 Low
Percentile: 61.1%

Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection warnings,
which makes it easier for attackers to obtain sensitive information, a
related issue to CVE-2017-17688. This is associated with
plugins/enigma/lib/enigma_driver_gnupg.php.
github.com/roundcube/roundcubemail/commit/2fa112bd836e5e144e270bda11c9fda1a66a22ae (master)
github.com/roundcube/roundcubemail/commit/94da947855329c5062ec2a7098eb86fb675aac37 (release-1.3)
github.com/roundcube/roundcubemail/issues/6289
github.com/roundcube/roundcubemail/releases/tag/1.3.7
launchpad.net/bugs/cve/CVE-2018-19205
nvd.nist.gov/vuln/detail/CVE-2018-19205
roundcube.net/news/2018/07/27/update-1.3.7-released
security-tracker.debian.org/tracker/CVE-2018-19205
www.cve.org/CVERecord?id=CVE-2018-19205