CVE-2018-9846 (GCVE-0-2018-9846)
Vulnerability from cvelistv5 – Published: 2018-04-07 21:00 – Updated: 2024-08-05 07:24
Summary
In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin enabled and configured, it's possible to exploit the unsanitized, user-controlled "_uid" parameter (in an archive.php _task=mail&_mbox=INBOX&_action=plugin.move2archive request) to perform an MX (IMAP) injection attack by placing an IMAP command after a %0d%0a sequence. NOTE: this is less easily exploitable in 1.3.4 and later because of a Same Origin Policy protection mechanism.
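The description above (repeated verbatim in the NVD, GitHub and GSD records further down this page) names the bug class: a request parameter, `_uid`, is written into an IMAP command line without being checked, so a value carrying an encoded CRLF (`%0d%0a`) ends the intended command and whatever follows is handed to the IMAP server as a second command. The Python below is an added illustration of that class, not Roundcube's own code: the command shape (`UID COPY`), the tag `A001`, the function names and the sample query strings are all assumptions made for the example. It shows the string-concatenation pattern that is vulnerable, the hardened form that validates `_uid` against the RFC 3501 sequence-set grammar before the line is built, and a helper that flags CR or LF in decoded query parameters, which is the check you would put in a WAF rule or run over access logs while confirming that an instance is patched.

```python
"""IMAP command (CRLF) injection: vulnerable builder, hardened builder, request check.

Added illustration of the bug class behind CVE-2018-9846. The command shape,
tag, function names and sample queries are assumptions, not Roundcube's code.
"""
from __future__ import annotations

import re
from urllib.parse import parse_qs, unquote

CRLF = "\r\n"

# RFC 3501 sequence-set: nz-number or "*", optionally ranged with ":",
# comma-separated. Nothing else (no spaces, quotes, CR or LF) is allowed.
_SEQ_NUM = r"(?:[1-9][0-9]*|\*)"
_SEQ_ITEM = rf"{_SEQ_NUM}(?::{_SEQ_NUM})?"
SEQUENCE_SET_RE = re.compile(rf"{_SEQ_ITEM}(?:,{_SEQ_ITEM})*")

# Constructed request strings shaped like the request named in the advisory
# text; the second carries an encoded CRLF followed by a harmless NOOP so the
# effect on the protocol stream is visible without doing anything to the server.
BENIGN_QUERY = "_task=mail&_mbox=INBOX&_action=plugin.move2archive&_uid=1234"
INJECTED_QUERY = (
    "_task=mail&_mbox=INBOX&_action=plugin.move2archive"
    "&_uid=1234%0d%0aA002%20NOOP"
)


def build_imap_command_unsafe(tag: str, uid_param: str, target_mailbox: str) -> str:
    """Vulnerable pattern: the raw request parameter is concatenated into the
    protocol line. A value containing CRLF terminates the command early and
    the remainder is parsed by the IMAP server as a further command."""
    return f"{tag} UID COPY {uid_param} {target_mailbox}{CRLF}"


def split_imap_lines(wire_bytes: str) -> list[str]:
    """What the server actually sees: one command per CRLF-terminated line."""
    return [line for line in wire_bytes.split(CRLF) if line]


def is_valid_sequence_set(value: str) -> bool:
    """Positive validation against the IMAP sequence-set grammar. Any character
    outside digits, ':', ',' and '*' (so in particular CR and LF) is rejected."""
    return SEQUENCE_SET_RE.fullmatch(value) is not None


def build_imap_command_safe(tag: str, uid_param: str, target_mailbox: str) -> str:
    """Hardened builder: validate the UID set before it reaches the wire."""
    if not is_valid_sequence_set(uid_param):
        raise ValueError(f"invalid IMAP sequence set in _uid: {uid_param!r}")
    return f"{tag} UID COPY {uid_param} {target_mailbox}{CRLF}"


def find_crlf_injection(query_string: str) -> list[str]:
    """Detection helper for a WAF rule or a pass over access logs: names of the
    query parameters whose decoded value contains CR or LF."""
    hits = []
    for name, values in parse_qs(query_string, keep_blank_values=True).items():
        # parse_qs decodes once; unquote again so a double-encoded
        # %250d%250a is caught as well.
        if any(ch in unquote(v) for v in values for ch in "\r\n"):
            hits.append(name)
    return hits


if __name__ == "__main__":
    hostile_uid = "1234\r\nA002 NOOP"
    print("unsafe builder sends:",
          split_imap_lines(build_imap_command_unsafe("A001", hostile_uid, "Archive")))
    try:
        build_imap_command_safe("A001", hostile_uid, "Archive")
    except ValueError as exc:
        print("safe builder rejects:", exc)
    print("suspicious params:", find_crlf_injection(INJECTED_QUERY))
```

Run as a script to see the unsafe builder emit two IMAP lines from a single request and the safe builder reject the same input. The positive grammar check is preferable to stripping CR and LF: a UID set has a tiny alphabet, and an allow-list also rejects other IMAP syntax (spaces, quotes, literal markers) that an attacker might combine with a server-side parsing quirk.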
Severity
8.8 (High)
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/roundcube/roundcubemail/issues/6238 | x_refsource_MISC |
| https://www.debian.org/security/2018/dsa-4181 | vendor-advisory, x_refsource_DEBIAN |
| https://github.com/roundcube/roundcubemail/issues/6229 | x_refsource_MISC |
| https://medium.com/%40ndrbasi/cve-2018-9846-round… | x_refsource_MISC |
Date Public
2018-04-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:24:56.298Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/roundcube/roundcubemail/issues/6238"
},
{
"name": "DSA-4181",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4181"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/roundcube/roundcubemail/issues/6229"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://medium.com/%40ndrbasi/cve-2018-9846-roundcube-303097048b0a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-04-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin enabled and configured, it\u0027s possible to exploit the unsanitized, user-controlled \"_uid\" parameter (in an archive.php _task=mail\u0026_mbox=INBOX\u0026_action=plugin.move2archive request) to perform an MX (IMAP) injection attack by placing an IMAP command after a %0d%0a sequence. NOTE: this is less easily exploitable in 1.3.4 and later because of a Same Origin Policy protection mechanism."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-29T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/roundcube/roundcubemail/issues/6238"
},
{
"name": "DSA-4181",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4181"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/roundcube/roundcubemail/issues/6229"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://medium.com/%40ndrbasi/cve-2018-9846-roundcube-303097048b0a"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9846",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin enabled and configured, it\u0027s possible to exploit the unsanitized, user-controlled \"_uid\" parameter (in an archive.php _task=mail\u0026_mbox=INBOX\u0026_action=plugin.move2archive request) to perform an MX (IMAP) injection attack by placing an IMAP command after a %0d%0a sequence. NOTE: this is less easily exploitable in 1.3.4 and later because of a Same Origin Policy protection mechanism."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/roundcube/roundcubemail/issues/6238",
"refsource": "MISC",
"url": "https://github.com/roundcube/roundcubemail/issues/6238"
},
{
"name": "DSA-4181",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4181"
},
{
"name": "https://github.com/roundcube/roundcubemail/issues/6229",
"refsource": "MISC",
"url": "https://github.com/roundcube/roundcubemail/issues/6229"
},
{
"name": "https://medium.com/@ndrbasi/cve-2018-9846-roundcube-303097048b0a",
"refsource": "MISC",
"url": "https://medium.com/@ndrbasi/cve-2018-9846-roundcube-303097048b0a"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-9846",
"datePublished": "2018-04-07T21:00:00.000Z",
"dateReserved": "2018-04-07T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:24:56.298Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2018-9846",
"date": "2026-06-03",
"epss": "0.00665",
"percentile": "0.71599"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2018-9846\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2018-04-07T21:29:00.413\",\"lastModified\":\"2024-11-21T04:15:47.910\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin enabled and configured, it\u0027s possible to exploit the unsanitized, user-controlled \\\"_uid\\\" parameter (in an archive.php _task=mail\u0026_mbox=INBOX\u0026_action=plugin.move2archive request) to perform an MX (IMAP) injection attack by placing an IMAP command after a %0d%0a sequence. NOTE: this is less easily exploitable in 1.3.4 and later because of a Same Origin Policy protection mechanism.\"},{\"lang\":\"es\",\"value\":\"En Roundcube, de las versiones 1.2.0 a 1.3.5, con el plugin archive habilitado y configurado, es posible explotar el par\u00e1metro controlado por el usuario \\\"_uid\\\" no saneado (en una petici\u00f3n _task=mail_mbox=INBOX_action=plugin.move2archive en archive.php) para realizar un ataque de inyecci\u00f3n MX (IMAP) mediante la colocaci\u00f3n de un comando IMAP despu\u00e9s de una secuencia %0d%0a. NOTA: hay menos posibilidades de explotaci\u00f3n en las versiones 1.3.4 y posteriores debido al mecanismo de protecci\u00f3n Same Origin Policy.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.2.0\",\"versionEndIncluding\":\"1.3.5\",\"matchCriteriaId\":\"6311A2A8-28A1-4CA4-9CC9-8A2E9842247A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}],\"references\":[{\"url\":\"https://github.com/roundcube/roundcubemail/issues/6229\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/roundcube/roundcubemail/issues/6238\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://medium.com/%40ndrbasi/cve-2018-9846-roundcube-303097048b0a\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.debian.org/security/2018/dsa-4181\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/roundcube/roundcubemail/issues/6229\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/roundcube/roundcubemail/issues/6238\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://medium.com/%40ndrbasi/cve-2018-9846-roundcube-303097048b0a\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2018/dsa-4181\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
Title
Roundcube command injection vulnerability
Description
RoundCube is a browser-based, multilingual IMAP client.
RoundCube versions 1.2.0 through 1.3.5 contain a command injection vulnerability: because the archive plugin fails to handle a user-controlled parameter correctly, a remote attacker can inject arbitrary IMAP commands and perform malicious operations.
Severity
Medium
Patch Name
Patch for the Roundcube command injection vulnerability
Patch Description
RoundCube is a browser-based, multilingual IMAP client.
RoundCube versions 1.2.0 through 1.3.5 contain a command injection vulnerability: because the archive plugin fails to handle a user-controlled parameter correctly, a remote attacker can inject arbitrary IMAP commands and perform malicious operations. The vendor has released a security advisory and patch information that fix this vulnerability.
Formal description
The vendor has released an upgrade patch to fix the vulnerability; it is available at: https://github.com/roundcube/roundcubemail/issues/6229
Reference
http://seclists.org/bugtraq/2018/Apr/49
Impacted products
| Name | RoundCube Roundcube >=1.2.0,<=1.3.5 |
|---|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2018-9846"
}
},
"description": "RoundCube\u662f\u4e00\u4e2a\u57fa\u4e8e\u6d4f\u89c8\u5668\uff0c\u652f\u6301\u591a\u56fd\u8bed\u8a00\u7684IMAP\u5ba2\u6237\u7aef\u3002\r\n\r\nRoundCube 1.2.0\u81f31.3.5\u7248\u672c\u4e2d\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u7531\u4e8earchive\u63d2\u4ef6\u672a\u80fd\u6b63\u786e\u5904\u7406\u7528\u6237\u63a7\u5236\u53c2\u6570\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u6ce8\u5165\u4efb\u610fIMAP\u547d\u4ee4\u5e76\u6267\u884c\u6076\u610f\u64cd\u4f5c\u3002",
"discovererName": "unknow",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://github.com/roundcube/roundcubemail/issues/6229",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2018-10428",
"openTime": "2018-05-28",
"patchDescription": "RoundCube\u662f\u4e00\u4e2a\u57fa\u4e8e\u6d4f\u89c8\u5668\uff0c\u652f\u6301\u591a\u56fd\u8bed\u8a00\u7684IMAP\u5ba2\u6237\u7aef\u3002\r\n\r\nRoundCube 1.2.0\u81f31.3.5\u7248\u672c\u4e2d\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u7531\u4e8earchive\u63d2\u4ef6\u672a\u80fd\u6b63\u786e\u5904\u7406\u7528\u6237\u63a7\u5236\u53c2\u6570\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u6ce8\u5165\u4efb\u610fIMAP\u547d\u4ee4\u5e76\u6267\u884c\u6076\u610f\u64cd\u4f5c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Roundcube\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "RoundCube Roundcube \u003e=1.2.0\uff0c\u003c=1.3.5"
},
"referenceLink": "http://seclists.org/bugtraq/2018/Apr/49",
"serverity": "\u4e2d",
"submitTime": "2018-05-03",
"title": "Roundcube\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e"
}
FKIE_CVE-2018-9846
Vulnerability from fkie_nvd - Published: 2018-04-07 21:29 - Updated: 2024-11-21 04:15
Severity
Summary
In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin enabled and configured, it's possible to exploit the unsanitized, user-controlled "_uid" parameter (in an archive.php _task=mail&_mbox=INBOX&_action=plugin.move2archive request) to perform an MX (IMAP) injection attack by placing an IMAP command after a %0d%0a sequence. NOTE: this is less easily exploitable in 1.3.4 and later because of a Same Origin Policy protection mechanism.
References
| Source | URL | Tags |
|---|---|---|
| cve@mitre.org | https://github.com/roundcube/roundcubemail/issues/6229 | Patch, Third Party Advisory |
| cve@mitre.org | https://github.com/roundcube/roundcubemail/issues/6238 | Patch, Third Party Advisory |
| cve@mitre.org | https://medium.com/%40ndrbasi/cve-2018-9846-roundcube-303097048b0a | |
| cve@mitre.org | https://www.debian.org/security/2018/dsa-4181 | Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/roundcube/roundcubemail/issues/6229 | Patch, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/roundcube/roundcubemail/issues/6238 | Patch, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://medium.com/%40ndrbasi/cve-2018-9846-roundcube-303097048b0a | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2018/dsa-4181 | Third Party Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| roundcube | webmail | * |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6311A2A8-28A1-4CA4-9CC9-8A2E9842247A",
"versionEndIncluding": "1.3.5",
"versionStartIncluding": "1.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin enabled and configured, it\u0027s possible to exploit the unsanitized, user-controlled \"_uid\" parameter (in an archive.php _task=mail\u0026_mbox=INBOX\u0026_action=plugin.move2archive request) to perform an MX (IMAP) injection attack by placing an IMAP command after a %0d%0a sequence. NOTE: this is less easily exploitable in 1.3.4 and later because of a Same Origin Policy protection mechanism."
},
{
"lang": "es",
"value": "En Roundcube, de las versiones 1.2.0 a 1.3.5, con el plugin archive habilitado y configurado, es posible explotar el par\u00e1metro controlado por el usuario \"_uid\" no saneado (en una petici\u00f3n _task=mail_mbox=INBOX_action=plugin.move2archive en archive.php) para realizar un ataque de inyecci\u00f3n MX (IMAP) mediante la colocaci\u00f3n de un comando IMAP despu\u00e9s de una secuencia %0d%0a. NOTA: hay menos posibilidades de explotaci\u00f3n en las versiones 1.3.4 y posteriores debido al mecanismo de protecci\u00f3n Same Origin Policy."
}
],
"id": "CVE-2018-9846",
"lastModified": "2024-11-21T04:15:47.910",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-07T21:29:00.413",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/roundcube/roundcubemail/issues/6229"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/roundcube/roundcubemail/issues/6238"
},
{
"source": "cve@mitre.org",
"url": "https://medium.com/%40ndrbasi/cve-2018-9846-roundcube-303097048b0a"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4181"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/roundcube/roundcubemail/issues/6229"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/roundcube/roundcubemail/issues/6238"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://medium.com/%40ndrbasi/cve-2018-9846-roundcube-303097048b0a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4181"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-3V75-9CH3-WFRW
Vulnerability from github – Published: 2022-05-14 03:21 – Updated: 2022-05-14 03:21
Details
In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin enabled and configured, it's possible to exploit the unsanitized, user-controlled "_uid" parameter (in an archive.php _task=mail&_mbox=INBOX&_action=plugin.move2archive request) to perform an MX (IMAP) injection attack by placing an IMAP command after a %0d%0a sequence. NOTE: this is less easily exploitable in 1.3.4 and later because of a Same Origin Policy protection mechanism.
Severity
8.8 (High)
{
"affected": [],
"aliases": [
"CVE-2018-9846"
],
"database_specific": {
"cwe_ids": [
"CWE-20"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-04-07T21:29:00Z",
"severity": "HIGH"
},
"details": "In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin enabled and configured, it\u0027s possible to exploit the unsanitized, user-controlled \"_uid\" parameter (in an archive.php _task=mail\u0026_mbox=INBOX\u0026_action=plugin.move2archive request) to perform an MX (IMAP) injection attack by placing an IMAP command after a %0d%0a sequence. NOTE: this is less easily exploitable in 1.3.4 and later because of a Same Origin Policy protection mechanism.",
"id": "GHSA-3v75-9ch3-wfrw",
"modified": "2022-05-14T03:21:15Z",
"published": "2022-05-14T03:21:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9846"
},
{
"type": "WEB",
"url": "https://github.com/roundcube/roundcubemail/issues/6229"
},
{
"type": "WEB",
"url": "https://github.com/roundcube/roundcubemail/issues/6238"
},
{
"type": "WEB",
"url": "https://medium.com/@ndrbasi/cve-2018-9846-roundcube-303097048b0a"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4181"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2018-9846
Vulnerability from gsd - Updated: 2023-12-13 01:22
Details
In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin enabled and configured, it's possible to exploit the unsanitized, user-controlled "_uid" parameter (in an archive.php _task=mail&_mbox=INBOX&_action=plugin.move2archive request) to perform an MX (IMAP) injection attack by placing an IMAP command after a %0d%0a sequence. NOTE: this is less easily exploitable in 1.3.4 and later because of a Same Origin Policy protection mechanism.
Aliases
{
"GSD": {
"alias": "CVE-2018-9846",
"description": "In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin enabled and configured, it\u0027s possible to exploit the unsanitized, user-controlled \"_uid\" parameter (in an archive.php _task=mail\u0026_mbox=INBOX\u0026_action=plugin.move2archive request) to perform an MX (IMAP) injection attack by placing an IMAP command after a %0d%0a sequence. NOTE: this is less easily exploitable in 1.3.4 and later because of a Same Origin Policy protection mechanism.",
"id": "GSD-2018-9846",
"references": [
"https://www.suse.com/security/cve/CVE-2018-9846.html",
"https://www.debian.org/security/2018/dsa-4181",
"https://advisories.mageia.org/CVE-2018-9846.html",
"https://security.archlinux.org/CVE-2018-9846"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-9846"
],
"details": "In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin enabled and configured, it\u0027s possible to exploit the unsanitized, user-controlled \"_uid\" parameter (in an archive.php _task=mail\u0026_mbox=INBOX\u0026_action=plugin.move2archive request) to perform an MX (IMAP) injection attack by placing an IMAP command after a %0d%0a sequence. NOTE: this is less easily exploitable in 1.3.4 and later because of a Same Origin Policy protection mechanism.",
"id": "GSD-2018-9846",
"modified": "2023-12-13T01:22:33.607875Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9846",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin enabled and configured, it\u0027s possible to exploit the unsanitized, user-controlled \"_uid\" parameter (in an archive.php _task=mail\u0026_mbox=INBOX\u0026_action=plugin.move2archive request) to perform an MX (IMAP) injection attack by placing an IMAP command after a %0d%0a sequence. NOTE: this is less easily exploitable in 1.3.4 and later because of a Same Origin Policy protection mechanism."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/roundcube/roundcubemail/issues/6238",
"refsource": "MISC",
"url": "https://github.com/roundcube/roundcubemail/issues/6238"
},
{
"name": "DSA-4181",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4181"
},
{
"name": "https://github.com/roundcube/roundcubemail/issues/6229",
"refsource": "MISC",
"url": "https://github.com/roundcube/roundcubemail/issues/6229"
},
{
"name": "https://medium.com/@ndrbasi/cve-2018-9846-roundcube-303097048b0a",
"refsource": "MISC",
"url": "https://medium.com/@ndrbasi/cve-2018-9846-roundcube-303097048b0a"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.3.5",
"versionStartIncluding": "1.2.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9846"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin enabled and configured, it\u0027s possible to exploit the unsanitized, user-controlled \"_uid\" parameter (in an archive.php _task=mail\u0026_mbox=INBOX\u0026_action=plugin.move2archive request) to perform an MX (IMAP) injection attack by placing an IMAP command after a %0d%0a sequence. NOTE: this is less easily exploitable in 1.3.4 and later because of a Same Origin Policy protection mechanism."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/roundcube/roundcubemail/issues/6238",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/roundcube/roundcubemail/issues/6238"
},
{
"name": "https://github.com/roundcube/roundcubemail/issues/6229",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/roundcube/roundcubemail/issues/6229"
},
{
"name": "https://medium.com/@ndrbasi/cve-2018-9846-roundcube-303097048b0a",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://medium.com/@ndrbasi/cve-2018-9846-roundcube-303097048b0a"
},
{
"name": "DSA-4181",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4181"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2018-05-24T17:12Z",
"publishedDate": "2018-04-07T21:29Z"
}
}
}
OPENSUSE-SU-2024:11303-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00
Summary
roundcubemail-1.4.11-1.3 on GA media
Severity
Moderate
Notes
Title of the patch: roundcubemail-1.4.11-1.3 on GA media
Description of the patch: These are all security issues fixed in the roundcubemail-1.4.11-1.3 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-11303
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.x86_64 | — | | Vendor Fix |
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.x86_64 | — | | Vendor Fix |
Threats
Impact
important
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
9.8 (Critical)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.x86_64 | — | | Vendor Fix |
Threats
Impact
critical
6.1 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
6.1 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
References
29 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "roundcubemail-1.4.11-1.3 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the roundcubemail-1.4.11-1.3 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11303",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11303-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-16651 page",
"url": "https://www.suse.com/security/cve/CVE-2017-16651/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-6820 page",
"url": "https://www.suse.com/security/cve/CVE-2017-6820/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-8114 page",
"url": "https://www.suse.com/security/cve/CVE-2017-8114/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-9846 page",
"url": "https://www.suse.com/security/cve/CVE-2018-9846/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-10740 page",
"url": "https://www.suse.com/security/cve/CVE-2019-10740/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12641 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12641/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-16145 page",
"url": "https://www.suse.com/security/cve/CVE-2020-16145/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-35730 page",
"url": "https://www.suse.com/security/cve/CVE-2020-35730/"
}
],
"title": "roundcubemail-1.4.11-1.3 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11303-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "roundcubemail-1.4.11-1.3.aarch64",
"product": {
"name": "roundcubemail-1.4.11-1.3.aarch64",
"product_id": "roundcubemail-1.4.11-1.3.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "roundcubemail-1.4.11-1.3.ppc64le",
"product": {
"name": "roundcubemail-1.4.11-1.3.ppc64le",
"product_id": "roundcubemail-1.4.11-1.3.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "roundcubemail-1.4.11-1.3.s390x",
"product": {
"name": "roundcubemail-1.4.11-1.3.s390x",
"product_id": "roundcubemail-1.4.11-1.3.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "roundcubemail-1.4.11-1.3.x86_64",
"product": {
"name": "roundcubemail-1.4.11-1.3.x86_64",
"product_id": "roundcubemail-1.4.11-1.3.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "roundcubemail-1.4.11-1.3.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.aarch64"
},
"product_reference": "roundcubemail-1.4.11-1.3.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "roundcubemail-1.4.11-1.3.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.ppc64le"
},
"product_reference": "roundcubemail-1.4.11-1.3.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "roundcubemail-1.4.11-1.3.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.s390x"
},
"product_reference": "roundcubemail-1.4.11-1.3.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "roundcubemail-1.4.11-1.3.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.x86_64"
},
"product_reference": "roundcubemail-1.4.11-1.3.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-16651",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-16651"
}
],
"notes": [
{
"category": "general",
"text": "Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host\u0027s filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at the target system with a valid username/password as the attack requires an active session. The issue is related to file-based attachment plugins and _task=settings\u0026_action=upload-display\u0026_from=timezone requests.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.aarch64",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.ppc64le",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.s390x",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-16651",
"url": "https://www.suse.com/security/cve/CVE-2017-16651"
},
{
"category": "external",
"summary": "SUSE Bug 1067574 for CVE-2017-16651",
"url": "https://bugzilla.suse.com/1067574"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.aarch64",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.ppc64le",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.s390x",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.aarch64",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.ppc64le",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.s390x",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-16651"
},
{
"cve": "CVE-2017-6820",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-6820"
}
],
"notes": [
{
"category": "general",
"text": "rcube_utils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is susceptible to a cross-site scripting vulnerability via a crafted Cascading Style Sheets (CSS) token sequence within an SVG element.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.aarch64",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.ppc64le",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.s390x",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-6820",
"url": "https://www.suse.com/security/cve/CVE-2017-6820"
},
{
"category": "external",
"summary": "SUSE Bug 1029035 for CVE-2017-6820",
"url": "https://bugzilla.suse.com/1029035"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.aarch64",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.ppc64le",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.s390x",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.aarch64",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.ppc64le",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.s390x",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-6820"
},
{
"cve": "CVE-2017-8114",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-8114"
}
],
"notes": [
{
"category": "general",
"text": "Roundcube Webmail allows arbitrary password resets by authenticated users. This affects versions before 1.0.11, 1.1.x before 1.1.9, and 1.2.x before 1.2.5. The problem is caused by an improperly restricted exec call in the virtualmin and sasl drivers of the password plugin.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.aarch64",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.ppc64le",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.s390x",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-8114",
"url": "https://www.suse.com/security/cve/CVE-2017-8114"
},
{
"category": "external",
"summary": "SUSE Bug 1036955 for CVE-2017-8114",
"url": "https://bugzilla.suse.com/1036955"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.aarch64",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.ppc64le",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.s390x",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.aarch64",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.ppc64le",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.s390x",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-8114"
},
{
"cve": "CVE-2018-9846",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-9846"
}
],
"notes": [
{
"category": "general",
"text": "In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin enabled and configured, it\u0027s possible to exploit the unsanitized, user-controlled \"_uid\" parameter (in an archive.php _task=mail\u0026_mbox=INBOX\u0026_action=plugin.move2archive request) to perform an MX (IMAP) injection attack by placing an IMAP command after a %0d%0a sequence. NOTE: this is less easily exploitable in 1.3.4 and later because of a Same Origin Policy protection mechanism.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.aarch64",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.ppc64le",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.s390x",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-9846",
"url": "https://www.suse.com/security/cve/CVE-2018-9846"
},
{
"category": "external",
"summary": "SUSE Bug 1089461 for CVE-2018-9846",
"url": "https://bugzilla.suse.com/1089461"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.aarch64",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.ppc64le",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.s390x",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.aarch64",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.ppc64le",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.s390x",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-9846"
},
{
"cve": "CVE-2019-10740",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-10740"
}
],
"notes": [
{
"category": "general",
"text": "In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.aarch64",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.ppc64le",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.s390x",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-10740",
"url": "https://www.suse.com/security/cve/CVE-2019-10740"
},
{
"category": "external",
"summary": "SUSE Bug 1131801 for CVE-2019-10740",
"url": "https://bugzilla.suse.com/1131801"
},
{
"category": "external",
"summary": "SUSE Bug 1175135 for CVE-2019-10740",
"url": "https://bugzilla.suse.com/1175135"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.aarch64",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.ppc64le",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.s390x",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.aarch64",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.ppc64le",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.s390x",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-10740"
},
{
"cve": "CVE-2020-12641",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12641"
}
],
"notes": [
{
"category": "general",
"text": "rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.aarch64",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.ppc64le",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.s390x",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12641",
"url": "https://www.suse.com/security/cve/CVE-2020-12641"
},
{
"category": "external",
"summary": "SUSE Bug 1171148 for CVE-2020-12641",
"url": "https://bugzilla.suse.com/1171148"
},
{
"category": "external",
"summary": "SUSE Bug 1175135 for CVE-2020-12641",
"url": "https://bugzilla.suse.com/1175135"
},
{
"category": "external",
"summary": "SUSE Bug 1226069 for CVE-2020-12641",
"url": "https://bugzilla.suse.com/1226069"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.aarch64",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.ppc64le",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.s390x",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.aarch64",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.ppc64le",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.s390x",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2020-12641"
},
{
"cve": "CVE-2020-16145",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-16145"
}
],
"notes": [
{
"category": "general",
"text": "Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. This issue has been fixed in 1.4.8 and 1.3.15.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.aarch64",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.ppc64le",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.s390x",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-16145",
"url": "https://www.suse.com/security/cve/CVE-2020-16145"
},
{
"category": "external",
"summary": "SUSE Bug 1175135 for CVE-2020-16145",
"url": "https://bugzilla.suse.com/1175135"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.aarch64",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.ppc64le",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.s390x",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.aarch64",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.ppc64le",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.s390x",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-16145"
},
{
"cve": "CVE-2020-35730",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-35730"
}
],
"notes": [
{
"category": "general",
"text": "An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. The attacker can send a plain text e-mail message, with JavaScript in a link reference element that is mishandled by linkref_addindex in rcube_string_replacer.php.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.aarch64",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.ppc64le",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.s390x",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-35730",
"url": "https://www.suse.com/security/cve/CVE-2020-35730"
},
{
"category": "external",
"summary": "SUSE Bug 1180399 for CVE-2020-35730",
"url": "https://bugzilla.suse.com/1180399"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.aarch64",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.ppc64le",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.s390x",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.aarch64",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.ppc64le",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.s390x",
"openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-35730"
}
]
}
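The per-CVE tables rendered above report "Unresolved product id" for identifiers such as openSUSE Tumbleweed:roundcubemail-1.4.11-1.3.x86_64. In the CSAF document those identifiers are not leaf products in product_tree.branches; they are minted in product_tree.relationships[].full_product_name.product_id, and product_status, remediations and scores all refer to them. A consumer therefore has to index both places. The following added example (not code from SUSE, Roundcube or the vulnerability-lookup site) does that for any CSAF 2.0 document with this shape and builds the status/remediation/score table the page failed to render. ADVISORY is a trimmed fragment of the openSUSE-SU-2024:11303-1 document above (two architectures, two CVEs, CVSS vectors omitted), the "UNRESOLVED:" marker is this example's own, and the CVSS_TO_SUSE mapping behind the mismatch check is an assumption, defined by neither CSAF nor SUSE.

```python
"""Resolve CSAF 2.0 product IDs and tabulate per-CVE status, remediation and score.
Added example for this page, not code from SUSE, Roundcube or the lookup site. ADVISORY
is a trimmed fragment of openSUSE-SU-2024:11303-1 (two architectures, two CVEs, CVSS
vectors omitted) so it runs offline; CVSS_TO_SUSE is an assumed mapping used only by the
mismatch check and is defined by neither CSAF nor SUSE."""
ARCHES = ("aarch64", "x86_64")
PKG = "roundcubemail-1.4.11-1.3"
OS = "openSUSE Tumbleweed"
PIDS = [f"{OS}:{PKG}.{a}" for a in ARCHES]  # the IDs the rendered page left unresolved

ADVISORY = {
    "product_tree": {
        "branches": [{"category": "vendor", "name": "SUSE", "branches":
            [{"category": "architecture", "name": a, "branches": [
                {"category": "product_version", "name": f"{PKG}.{a}",
                 "product": {"name": f"{PKG}.{a}", "product_id": f"{PKG}.{a}"}}]} for a in ARCHES]
            + [{"category": "product_family", "name": "SUSE Linux Enterprise", "branches": [
                {"category": "product_name", "name": OS, "product": {"name": OS, "product_id": OS}}]}]}],
        # Package-on-OS combinations are minted here with new product_ids, not in the branches.
        "relationships": [{"category": "default_component_of",
                           "full_product_name": {"name": f"{PKG}.{a} as component of {OS}",
                                                 "product_id": f"{OS}:{PKG}.{a}"},
                           "product_reference": f"{PKG}.{a}",
                           "relates_to_product_reference": OS} for a in ARCHES],
    },
    "vulnerabilities": [
        {"cve": "CVE-2018-9846", "product_status": {"recommended": PIDS},
         "remediations": [{"category": "vendor_fix", "product_ids": PIDS}],
         "scores": [{"cvss_v3": {"baseScore": 8.8, "version": "3.0"}, "products": PIDS}],
         "threats": [{"category": "impact", "details": "moderate"}]},
        {"cve": "CVE-2020-12641", "product_status": {"recommended": PIDS},
         "remediations": [{"category": "vendor_fix", "product_ids": PIDS}],
         "scores": [{"cvss_v3": {"baseScore": 9.8, "version": "3.1"}, "products": PIDS}],
         "threats": [{"category": "impact", "details": "critical"}]},
    ],
}


def index_products(product_tree):
    """Map every product_id to its display name: leaf products from the nested
    branches plus the derived products minted in relationships."""
    names = {}

    def walk(branches):
        for branch in branches:
            if "product" in branch:
                names[branch["product"]["product_id"]] = branch["product"]["name"]
            walk(branch.get("branches", []))

    walk(product_tree.get("branches", []))
    for rel in product_tree.get("relationships", []):
        names[rel["full_product_name"]["product_id"]] = rel["full_product_name"]["name"]
    return names


def cvss_severity(score):
    """Qualitative rating per the CVSS v3.x specification, section 5 (0.0 would be NONE)."""
    for floor, label in ((9.0, "CRITICAL"), (7.0, "HIGH"), (4.0, "MEDIUM")):
        if score >= floor:
            return label
    return "LOW"

CVSS_TO_SUSE = {"LOW": "low", "MEDIUM": "moderate", "HIGH": "important", "CRITICAL": "critical"}
SUSE_ORDER = ("low", "moderate", "important", "critical")


def remediation_table(advisory):
    """One row per (CVE, product): status, remediation, CVSS base score and vendor impact."""
    names = index_products(advisory["product_tree"])
    rows = []
    for vuln in advisory["vulnerabilities"]:
        score = {p: s["cvss_v3"]["baseScore"] for s in vuln.get("scores", [])
                 if "cvss_v3" in s for p in s["products"]}
        fixes = {p: r["category"] for r in vuln.get("remediations", []) for p in r.get("product_ids", [])}
        impact = next((t["details"] for t in vuln.get("threats", []) if t["category"] == "impact"), None)
        for status, pids in vuln.get("product_status", {}).items():
            for pid in pids:
                rows.append({"cve": vuln["cve"], "product_id": pid, "status": status,
                             "product": names.get(pid, f"UNRESOLVED:{pid}"), "cvss": score.get(pid),
                             "remediation": fixes.get(pid, "none"), "vendor_impact": impact})
    return rows


def rating_mismatches(rows):
    """CVEs whose vendor impact rating sits below what the CVSS base score implies.
    Vendors rate impact on their own products, so treat a hit as a triage prompt, not an error."""
    flagged = set()
    for r in rows:
        if r["cvss"] is not None and r["vendor_impact"] in SUSE_ORDER:
            implied = CVSS_TO_SUSE[cvss_severity(r["cvss"])]
            if SUSE_ORDER.index(r["vendor_impact"]) < SUSE_ORDER.index(implied):
                flagged.add(r["cve"])
    return sorted(flagged)


if __name__ == "__main__":
    for r in remediation_table(ADVISORY):
        print(r["cve"], r["product"], r["status"], r["remediation"], "CVSS", r["cvss"], "vendor", r["vendor_impact"])
    print("vendor rating below CVSS severity:", rating_mismatches(remediation_table(ADVISORY)))
```

Run stand-alone, it prints four fully resolved rows ("roundcubemail-1.4.11-1.3.<arch> as component of openSUSE Tumbleweed", status recommended, remediation vendor_fix) and flags CVE-2018-9846, whose SUSE impact rating in the advisory is "moderate" while the CVSS 3.0 base score recorded beside it is 8.8 (HIGH), the same score the CVE summary at the top of this page shows. That disagreement is not an error in the data: SUSE rates impact on its own packaged product, and roundcubemail-1.4.11 already postdates all eight fixes, which is why every product_status here is "recommended" rather than "known_affected". Drive patch decisions from product_status and remediations, and use the score only as a tiebreaker.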
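The CVE-2018-9846 description quoted in the advisory (the "_uid" parameter reaching an IMAP command unsanitized, so that a %0d%0a sequence followed by an IMAP command is sent on to the server) is CRLF injection into a line-oriented protocol. The added example below, which is not Roundcube's code or its upstream fix, puts the vulnerable concatenation next to a hardened version that accepts "_uid" only when it is a syntactically valid IMAP sequence-set (RFC 3501) and shows how the server would see each. The UID MOVE command shape (RFC 6851), the "A001"/"A002" tags, the "Archive" mailbox and both sample query strings are constructed for illustration.

```python
"""Validate a webmail `_uid` parameter before it is spliced into an IMAP command.

Added example for this page illustrating the bug class the advisory describes for
CVE-2018-9846 (user-controlled `_uid` reaching an IMAP command unsanitized, so a
CR LF in the value starts a second, attacker-chosen command). The UID MOVE command
shape, tags, mailbox name and both sample query strings are constructed; this is
not Roundcube's code or its upstream fix.
"""
import re
from urllib.parse import parse_qs

# RFC 3501 sequence-set: seq-numbers or ranges separated by commas, "*" meaning the
# highest number in the mailbox. [0-9] rather than \d so Unicode digits are refused
# too, and fullmatch() rather than $ so a trailing "\n" cannot slip past the anchor.
_NUM = r"(?:[1-9][0-9]*|\*)"
_ITEM = rf"{_NUM}(?::{_NUM})?"
SEQUENCE_SET = re.compile(rf"{_ITEM}(?:,{_ITEM})*")


def is_sequence_set(value: str) -> bool:
    """True only if `value` is a syntactically valid IMAP sequence-set."""
    return SEQUENCE_SET.fullmatch(value) is not None


class ImapInjection(ValueError):
    """Raised when a request parameter cannot be placed safely in an IMAP command."""


def build_move_command(tag: str, uid_param: str, mailbox: str, hardened: bool = True) -> str:
    """Return the UID MOVE line (RFC 6851) a client would write to the socket.

    hardened=False reproduces the vulnerable pattern: the parameter is pasted into
    the command verbatim. hardened=True accepts only a bare sequence-set.
    """
    if hardened and not is_sequence_set(uid_param):
        raise ImapInjection(f"_uid is not an IMAP sequence-set: {uid_param!r}")
    if any(c in mailbox for c in "\r\n\0"):
        raise ImapInjection("mailbox name contains control characters")
    # Mailbox names travel as IMAP quoted strings; escape the two characters that need it.
    quoted = '"' + mailbox.replace("\\", "\\\\").replace('"', '\\"') + '"'
    return f"{tag} UID MOVE {uid_param} {quoted}\r\n"


def server_side_commands(wire: str) -> list:
    """Split what hit the socket the way a line-oriented IMAP server parses it."""
    return [line for line in wire.split("\r\n") if line]


def uid_from_query(query: str) -> str:
    """Pull `_uid` out of a raw query string, percent-decoding %0d%0a and friends."""
    return parse_qs(query, keep_blank_values=True).get("_uid", [""])[0]


def accepted_by_hardened_client(uid_param: str) -> bool:
    """Whether the hardened builder lets this `_uid` value through."""
    try:
        build_move_command("A001", uid_param, "Archive")
    except ImapInjection:
        return False
    return True


# Constructed requests: a legitimate move and one carrying an injected command.
BENIGN_QUERY = "_task=mail&_mbox=INBOX&_action=plugin.move2archive&_uid=12,15:17"
INJECTED_QUERY = "_task=mail&_mbox=INBOX&_action=plugin.move2archive&_uid=12%0d%0aA002%20NOOP"

if __name__ == "__main__":
    bad = uid_from_query(INJECTED_QUERY)
    print("vulnerable client sends:", server_side_commands(build_move_command("A001", bad, "Archive", hardened=False)))
    print("hardened client accepts injected value:", accepted_by_hardened_client(bad))
    print("hardened client sends:", server_side_commands(build_move_command("A001", uid_from_query(BENIGN_QUERY), "Archive")))
```

With the injected value the unhardened builder emits two lines, `A001 UID MOVE 12` and `A002 NOOP "Archive"`, and the server treats the second as an independent tagged command; the hardened builder refuses the value before anything is written. The allow-list is deliberately narrow (digits, commas, colons and `*`), which is the right shape for any parameter that ends up inside a protocol line: validate against the grammar the protocol defines for that slot rather than stripping the characters you happen to know are dangerous.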
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.