Vulnerability Name: CVE-2016-4069 (CCN-112616)
Assigned: 2016-04-23
Published: 2016-04-23
Updated: 2018-10-30
Summary: Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail before 1.1.5 allows remote attackers to hijack the authentication of users for requests that download attachments and cause a denial of service (disk consumption) via unspecified vectors.
CVSS v3 Severity:
8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
7.7 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
CVSS v2 Severity:
6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
Vulnerability Type: CWE-352
Vulnerability Consequences: Gain Access
References:
Source: MITRE Type: CNA CVE-2016-4069
Source: SUSE Type: Third Party Advisory openSUSE-SU-2016:2109
Source: CCN Type: oss-sec Mailing List, Sat, 23 Apr 2016 17:03:50 +0200 CVE Request: Roundcube: XSS issue in SVG image handling and protection for download urs against CSRF
Source: CCN Type: oss-sec Mailing List, Sat, 23 Apr 2016 19:53:03 -0400 (EDT) Re: CVE Request: Roundcube: XSS issue in SVG image handling and protection for download urs against CSRF
Source: MLIST Type: Mailing List, Third Party Advisory [oss-security] 20160423 Re: CVE Request: Roundcube: XSS issue in SVG image handling and protection for download urs against CSRF
Source: BID Type: UNKNOWN 92654
Source: CCN Type: BID-92654 RoundCube Webmail CVE-2016-4069 Cross Site Request Forgery Vulnerability
Source: XF Type: UNKNOWN roundcube-cve20164069-csrf(112616)
Source: CCN Type: Roundcube GIT Repository Fix XSS issue in SVG images handling (#1490625)
Source: CONFIRM Type: Issue Tracking, Patch https://github.com/roundcube/roundcubemail/commit/4a408843b0ef816daf70a472a02b78cd6073a4d5
Source: CONFIRM Type: Issue Tracking, Patch https://github.com/roundcube/roundcubemail/commit/699af1e5206ed9114322adaa3c25c1c969640a53
Source: CONFIRM Type: Issue Tracking, Mailing List https://github.com/roundcube/roundcubemail/issues/4957
Source: CONFIRM Type: Release Notes https://github.com/roundcube/roundcubemail/releases/tag/1.1.5
Source: CONFIRM Type: Release Notes https://github.com/roundcube/roundcubemail/wiki/Changelog#release-115
Source: CCN Type: WhiteSource Vulnerability Database CVE-2016-4069
Vulnerable Configuration: Configuration 1: Configuration 2: Configuration CCN 1: Denotes that component is vulnerable