CVE-2018-19205
https://notcve.org/view.php?id=CVE-2018-19205
Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection warnings, which makes it easier for attackers to obtain sensitive information, a related issue to CVE-2017-17688. This is associated with plugins/enigma/lib/enigma_driver_gnupg.php. Roundcube en versiones anteriores a la 1.3.7 gestiona de manera incorrecta las advertencias de integridad/protección GnuPG MDC, lo que facilita que los atacantes obtengan información sensible. Esto está relacionado con CVE-2017-17688. Esto está asociado con plugins/enigma/lib/enigma_driver_gnupg.php. • https://github.com/roundcube/roundcubemail/releases/tag/1.3.7 https://roundcube.net/news/2018/07/27/update-1.3.7-released • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2018-19206
https://notcve.org/view.php?id=CVE-2018-19206
steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of <svg><style>, as demonstrated by an onload attribute in a BODY element, within an HTML attachment. steps/mail/func.inc en Roundcube en versiones anteriores a la 1.3.8 tiene Cross-Site Scripting (XSS) mediante el uso manipulado de • https://github.com/roundcube/roundcubemail/releases/tag/1.3.8 https://roundcube.net/news/2018/10/26/update-1.3.8-released https://www.debian.org/security/2018/dsa-4344 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-17688
https://notcve.org/view.php?id=CVE-2017-17688
The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification ** EN DISPUTA ** La especificación OpenPGP permite un ataque malleability-gadget Cipher Feedback Mode (CFB) que puede conducir indirectamente a la exfiltración en texto plano. Esto también se conoce como EFAIL. NOTA: terceros indican que este es un problema en aplicaciones que gestionan de manera incorrecta la característica de Modification Detection Code (MDC) o que afectan un tipo de paquete obsoleto, en lugar de un problema en la especificación OpenPGP. • http://flaked.sockpuppet.org/2018/05/16/a-unified-timeline.html http://www.securityfocus.com/bid/104162 http://www.securitytracker.com/id/1040904 https://efail.de https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060334.html https://news.ycombinator.com/item?id=17066419 https://protonmail.com/blog/pgp-vulnerability-efail https://twitter.com/matthew_d_green/status/995996706457243648 https://www.patreon.com/posts/cybersecurity-15-18814817 https://www.synology.com/support/security •
CVE-2018-9846
https://notcve.org/view.php?id=CVE-2018-9846
In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin enabled and configured, it's possible to exploit the unsanitized, user-controlled "_uid" parameter (in an archive.php _task=mail&_mbox=INBOX&_action=plugin.move2archive request) to perform an MX (IMAP) injection attack by placing an IMAP command after a %0d%0a sequence. NOTE: this is less easily exploitable in 1.3.4 and later because of a Same Origin Policy protection mechanism. En Roundcube, de las versiones 1.2.0 a 1.3.5, con el plugin archive habilitado y configurado, es posible explotar el parámetro controlado por el usuario "_uid" no saneado (en una petición _task=mail_mbox=INBOX_action=plugin.move2archive en archive.php) para realizar un ataque de inyección MX (IMAP) mediante la colocación de un comando IMAP después de una secuencia %0d%0a. NOTA: hay menos posibilidades de explotación en las versiones 1.3.4 y posteriores debido al mecanismo de protección Same Origin Policy. • https://github.com/roundcube/roundcubemail/issues/6229 https://github.com/roundcube/roundcubemail/issues/6238 https://medium.com/%40ndrbasi/cve-2018-9846-roundcube-303097048b0a https://www.debian.org/security/2018/dsa-4181 • CWE-20: Improper Input Validation •
CVE-2018-1000071
https://notcve.org/view.php?id=CVE-2018-1000071
roundcube version 1.3.4 and earlier contains an Insecure Permissions vulnerability in enigma plugin that can result in exfiltration of gpg private key. This attack appear to be exploitable via network connectivity. roundcube, en versiones 1.3.4 y anteriores, contiene una vulnerabilidad de permisos inseguros en el plugin enigma que puede resultar en la exfiltración de la clave privada gpgp. Este ataque parece ser explotable mediante conectividad de red. • https://github.com/roundcube/roundcubemail/issues/6173 https://www.legacysecuritygroup.com/cve/references/02122018-roundcube-enigma.txt • CWE-732: Incorrect Permission Assignment for Critical Resource •