vulnerability
Ubuntu: (CVE-2018-9846): roundcube vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:M/Au:N/C:P/I:P/A:P) | Apr 7, 2018 | Jun 26, 2025 | Jun 26, 2025 |
Severity
7
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published
Apr 7, 2018
Added
Jun 26, 2025
Modified
Jun 26, 2025
Description
In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin enabled and configured, it's possible to exploit the unsanitized, user-controlled "_uid" parameter (in an archive.php _task=mail&_mbox=INBOX&_action=plugin.move2archive request) to perform an MX (IMAP) injection attack by placing an IMAP command after a %0d%0a sequence. NOTE: this is less easily exploitable in 1.3.4 and later because of a Same Origin Policy protection mechanism.
Solution
no-fix-ubuntu-package
References
- CVE-2018-9846
- https://attackerkb.com/topics/CVE-2018-9846
- URL-https://github.com/roundcube/roundcubemail/commit/e3dd5b66d236867572e68fcb80281e9268a0cfb0
- URL-https://github.com/roundcube/roundcubemail/issues/6229
- URL-https://github.com/roundcube/roundcubemail/issues/6238
- URL-https://medium.com/@ndrbasi/cve-2018-9846-roundcube-303097048b0a
- URL-https://www.cve.org/CVERecord?id=CVE-2018-9846
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.