CVE-2018-1000072
NONE EPSS 75.2%
Published Mar 13, 2018 8y ago
Last Modified Jun 17, 2026 2w ago
Description
iRedMail versions prior to commit f04b8ef contain an Insecure Permissions vulnerability in Roundcube Webmail that can result in exfiltration of a user's password-protected secret GPG key file and other important configuration files. This attack appears to be exploitable via network connectivity. This vulnerability appears to have been fixed in Beta: 0.9.8-BETA1, Stable: 0.9.7.
Threat Intelligence
EPSS Exploit Probability
75.2% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available
Weaknesses 1
CWE-732
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| iredmail | iredmail | * | ≤0.9.6 |
References 2
- legacysecuritygroup.com http://legacysecuritygroup.com/cve/references/02122018-roundcube-enigma.txt
- bitbucket.org https://bitbucket.org/zhb/iredmail/issues/130/multiple-security-issues-with-default
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.