CVE-2011-1491

2011-04-0815:17:00

CWE-20

[email protected]

web.nvd.nist.gov

roundcube webmail

cve-2011-1491

information security

authentication

sensitive information

5.6 Medium

AI Score

Confidence

Low

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

64.2%

JSON

The login form in Roundcube Webmail before 0.5.1 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker’s account and then compose an e-mail message, related to a “login CSRF” issue.

CPENameOperatorVersion
roundcube:webmailroundcube webmaileq0.1
roundcube:webmailroundcube webmaileq0.4
roundcube:webmailroundcube webmaileq0.3
roundcube:webmailroundcube webmaileq0.5
roundcube:webmailroundcube webmaileq0.2
roundcube:webmailroundcube webmaileq0.4.2
roundcube:webmailroundcube webmaileq0.1.1
roundcube:webmailroundcube webmaileq0.4.1
roundcube:webmailroundcube webmaileq0.3.1
roundcube:webmailroundcube webmaileq0.2.1

CPE	Name	Operator	Version
roundcube:webmail	roundcube webmail	eq	0.1
roundcube:webmail	roundcube webmail	eq	0.4
roundcube:webmail	roundcube webmail	eq	0.3
roundcube:webmail	roundcube webmail	eq	0.5
roundcube:webmail	roundcube webmail	eq	0.2
roundcube:webmail	roundcube webmail	eq	0.4.2
roundcube:webmail	roundcube webmail	eq	0.1.1
roundcube:webmail	roundcube webmail	eq	0.4.1
roundcube:webmail	roundcube webmail	eq	0.3.1
roundcube:webmail	roundcube webmail	eq	0.2.1