Iredmail
Monthly
iRedMail version prior to commit f04b8ef contains a Insecure Permissions vulnerability in Roundcube Webmail that can result in Exfiltrate a user's password protected secret GPG key file and other. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
iRedMail version prior to commit f04b8ef contains a Insecure Permissions vulnerability in Roundcube Webmail that can result in Exfiltrate a user's password protected secret GPG key file and other. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.