Описание
An issue was discovered in Roundcube Webmail before 1.4.4. A CSRF attack can cause an authenticated user to be logged out because POST was not considered.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needed |
| devel | not-affected | 1.4.4+dfsg.1-1 |
| eoan | ignored | end of life |
| esm-apps/bionic | released | 1.3.6+dfsg.1-1ubuntu0.1~esm2 |
| esm-apps/focal | released | 1.4.3+dfsg.1-1ubuntu0.1~esm1 |
| esm-apps/jammy | not-affected | 1.4.4+dfsg.1-1 |
| esm-apps/noble | not-affected | 1.4.4+dfsg.1-1 |
| esm-apps/xenial | released | 1.2~beta+dfsg.1-0ubuntu1+esm2 |
| esm-infra-legacy/trusty | DNE | |
| focal | ignored | end of standard support, was needed |
Показывать по
Ссылки на источники
EPSS
4.3 Medium
CVSS2
6.5 Medium
CVSS3
Связанные уязвимости
An issue was discovered in Roundcube Webmail before 1.4.4. A CSRF attack can cause an authenticated user to be logged out because POST was not considered.
An issue was discovered in Roundcube Webmail before 1.4.4. A CSRF atta ...
An issue was discovered in Roundcube Webmail before 1.4.4. A CSRF attack can cause an authenticated user to be logged out because POST was not considered.
Уязвимость решения для IMAP-серверов на основе AJAX Roundcube, связанная с недостатками механизмов противодействия межсайтовой фальсификации, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
4.3 Medium
CVSS2
6.5 Medium
CVSS3