CVE-2020-12640
Published May 4, 2020
Last updated 2 years ago
Overview
- Description
- Roundcube Webmail before 1.4.4 allows attackers to include local files and execute code via directory traversal in a plugin name to rcube_plugin_api.php.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-22
Social media
- Hype score
- Not currently trending
Configurations
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A480FE5-CB10-4B95-91A4-4905FF92C28D", "versionEndExcluding": "1.2.10", "versionStartIncluding": "1.2.0" }, { "criteria": "cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8AD7B4A0-4163-46A5-95FE-B9F88D9E4F7F", "versionEndExcluding": "1.3.11", "versionStartIncluding": "1.3.0" }, { "criteria": "cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B7D3A5C6-648A-4866-92CE-F7D37D0F6122", "versionEndExcluding": "1.4.4", "versionStartIncluding": "1.4.0" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40513095-7E6E-46B3-B604-C926F1BA3568" }, { "criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "67E82302-4B77-44F3-97B1-24C18AC4A35D" }, { "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493" }, { "criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A" } ], "operator": "OR" } ] } ]