ID de Prueba:	1.3.6.1.4.1.25623.1.0.142410
Categoría:	Web application abuses
Título:	Roundcube Webmail < 1.3.10 Information Disclosure Vulnerability
Resumen:	Roundcube Webmail is prone to an information disclosure; vulnerability.
Descripción:	Summary: Roundcube Webmail is prone to an information disclosure vulnerability. Vulnerability Insight: In Roundcube Webmail, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker. Affected Software/OS: Roundcube Webmail versions 1.3.9 and prior. Solution: Update to version 1.3.10 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2019-10740 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFFMSO5WKEYSGMTZPZFF4ZADUJ57PRN5/ https://github.com/roundcube/roundcubemail/issues/6638 SuSE Security Announcement: openSUSE-SU-2020:1516 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00083.html
Copyright	Copyright (C) 2019 Greenbone Networks GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.