Vulnerability Description
Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to obtain sensitive information by reading files in the (1) config, (2) temp, or (3) logs directory.
CVSS Score
7.5
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Roundcube | Roundcube Webmail | 1.1.1 |
| Roundcube | Webmail | 1.1 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2015/07/07/2Mailing ListPatchThird Party Advisory
- https://github.com/roundcube/roundcubemail/commit/012555c1cef35601b543cde67bff87Issue TrackingPatchThird Party Advisory
- https://github.com/roundcube/roundcubemail/issues/4816Issue TrackingPatchThird Party Advisory
- https://roundcube.net/news/2015/06/05/updates-1.1.2-and-1.0.6-releasedPatchVendor Advisory
- http://www.openwall.com/lists/oss-security/2015/07/07/2Mailing ListPatchThird Party Advisory
- https://github.com/roundcube/roundcubemail/commit/012555c1cef35601b543cde67bff87Issue TrackingPatchThird Party Advisory
- https://github.com/roundcube/roundcubemail/issues/4816Issue TrackingPatchThird Party Advisory
- https://roundcube.net/news/2015/06/05/updates-1.1.2-and-1.0.6-releasedPatchVendor Advisory
FAQ
What is CVE-2015-5383?
CVE-2015-5383 is a vulnerability with a CVSS score of 7.5 (HIGH). Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to obtain sensitive information by reading files in the (1) config, (2) temp, or (3) logs directory.
How severe is CVE-2015-5383?
CVE-2015-5383 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-5383?
Check the references section above for vendor advisories and patch information. Affected products include: Roundcube Roundcube Webmail, Roundcube Webmail.