IMAP Injection Vulnerability in Roundcube Mail by Roundcube Webmail
CVE-2018-9846

8.8HIGH

Key Information:

Vendor

Roundcube

Status
Webmail
Vendor
CVE Published:
7 April 2018

What is CVE-2018-9846?

In versions 1.2.0 to 1.3.5 of Roundcube Webmail, the archive plugin presents a security risk due to unsanitized user-controlled parameters. Specifically, the '_uid' parameter in the archive.php script allows for the execution of IMAP commands after a '%0d%0a' sequence, potentially leading to an IMAP injection attack. Although later versions implement protective measures through a Same Origin Policy, earlier versions remain vulnerable, emphasizing the need for immediate security assessments and updates.

References

https://github.com/roundcube/roundcubemail/issues/6238
x_refsource_MISC
https://www.debian.org/security/2018/dsa-4181
vendor-advisoryx_refsource_DEBIAN
https://github.com/roundcube/roundcubemail/issues/6229
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.