CVE-2018-8741 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.8 HIGH	NETWORK	LOW	LOW	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 89%

Vendor	Product	Version
squirrelmail	squirrelmail	1.4.22
debian	debian_linux	7.0
debian	debian_linux	8.0

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

squirrelmail

disco	dne
cosmic	dne
bionic	dne
artful	dne
xenial	Fixed 2:1.4.23~svn20120406-2+deb8u3ubuntu0.16.04.1 released
trusty	Fixed 2:1.4.23~svn20120406-2+deb8u3build0.14.04.1 released

Common Weakness Enumeration

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References

http://www.openwall.com/lists/oss-security/2018/03/17/2

http://www.securitytracker.com/id/1040554

https://gist.github.com/hannob/3c4f86863c418930ad08853c1109364e

https://insinuator.net/2018/03/squirrelmail-full-disclosure-troopers18/

https://lists.debian.org/debian-lts-announce/2018/04/msg00012.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVXTYMZ35IC5KPNMAE6BWAQWURMX7KZO/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5FP5O562A4FM5TCFNEW73SS6PZONSAC/

https://paste.pound-python.org/show/OjSLiFTxiBrTk63jqEUu/

https://www.debian.org/security/2018/dsa-4168

http://www.openwall.com/lists/oss-security/2018/03/17/2

http://www.securitytracker.com/id/1040554

https://gist.github.com/hannob/3c4f86863c418930ad08853c1109364e

https://insinuator.net/2018/03/squirrelmail-full-disclosure-troopers18/

https://lists.debian.org/debian-lts-announce/2018/04/msg00012.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVXTYMZ35IC5KPNMAE6BWAQWURMX7KZO/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5FP5O562A4FM5TCFNEW73SS6PZONSAC/

https://paste.pound-python.org/show/OjSLiFTxiBrTk63jqEUu/

https://www.debian.org/security/2018/dsa-4168