CVE-2014-9587

Roundcube Webmail < 1.0.3 - Cross-Site Request Forgery in Address Book and Plugin Operations

Title source: llm
STIX 2.1

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Roundcube Webmail before 1.0.4 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, related to (1) address book operations or the (2) ACL or (3) Managesieve plugins.

References (5)

Core 5
Core References
Patch, Vendor Advisory x_refsource_confirm
http://roundcube.net/news/2014/12/18/update-1.0.4-released/
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1179780
Issue Tracking x_refsource_misc
https://bugs.gentoo.org/show_bug.cgi?id=534766
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/71909
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/01/11/3

Scores

EPSS 0.0214
EPSS Percentile 79.8%

Details

CWE
CWE-352
Status published
Products (1)
roundcube/webmail < 1.0.3
Published Jan 15, 2015
Tracked Since Feb 18, 2026