Roundcube Log Disclosure

Roundcube log files were publicly accessible.

  • exposure
  • logs

Roundcube files are sometimes publicly accessible files, which give an attacker information about the system, used to configure the application in question. These files may reveal sensitive information, such as usernames and passwords, which can allow an attacker to gain access to the system.


Attackers may, therefore, be able to gather information about the server configuration, application version and computer, which can be used to launch more sophisticated attacks.


If possible, remove all log files from public folders.

Was this page helpful?