CVE-2018-1000072

NONE EPSS 75.2%
Published Mar 13, 2018 (8y ago) · Modified Jun 17, 2026 (2w ago)

Description

iRedMail versions prior to commit f04b8ef contain an Insecure Permissions vulnerability in Roundcube Webmail that can result in exfiltration of a user's password-protected secret GPG key file and other important configuration files. This attack appears to be exploitable via network connectivity. This vulnerability appears to have been fixed in Beta: 0.9.8-BETA1, Stable: 0.9.7.

Threat Intelligence

EPSS Exploit Probability
75.2% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-732

Affected Products 1

Vendor | Product | Version | Range
iredmail | iredmail | * | ≤0.9.6

References 2

  • legacysecuritygroup.com http://legacysecuritygroup.com/cve/references/02122018-roundcube-enigma.txt
    Exploit, Mitigation, Third Party Advisory
  • bitbucket.org https://bitbucket.org/zhb/iredmail/issues/130/multiple-security-issues-with-default
    Exploit, Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.