CVE-2014-9587
Roundcube Webmail < 1.0.3 - Cross-Site Request Forgery in Address Book and Plugin Operations
Title source: llmDescription
Multiple cross-site request forgery (CSRF) vulnerabilities in Roundcube Webmail before 1.0.4 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, related to (1) address book operations or the (2) ACL or (3) Managesieve plugins.
References (5)
Core 5
Core References
Patch, Vendor Advisory x_refsource_confirm
http://roundcube.net/news/2014/12/18/update-1.0.4-released/
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1179780
Issue Tracking x_refsource_misc
https://bugs.gentoo.org/show_bug.cgi?id=534766
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/71909
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/01/11/3
Scores
EPSS
0.0214
EPSS Percentile
79.8%
Details
CWE
CWE-352
Status
published
Products (1)
roundcube/webmail
< 1.0.3
Published
Jan 15, 2015
Tracked Since
Feb 18, 2026