First published: Thu Aug 25 2016
Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail before 1.1.5 allows remote attackers to hijack the authentication of users for requests that download attachments and cause a denial of service (disk consumption) via unspecified vectors.
Credit: security@debian.org
Affected Software | Affected Version | How to fix
---|---|---
openSUSE | =42.1 | 
Roundcube Webmail | <=1.1.4 | Upgrade to 1.1.5 or later
CVE-2016-4069 is classified as a moderate-severity vulnerability due to its potential for causing denial of service and unauthorized actions on behalf of users.
To fix CVE-2016-4069, you should upgrade to Roundcube Webmail version 1.1.5 or later, as this version addresses the CSRF vulnerability.
CVE-2016-4069 affects Roundcube Webmail versions up to 1.1.4 and openSUSE Leap 42.1 installations.
While CVE-2016-4069 primarily results in denial of service, it also poses a risk of unauthorized actions that could lead to inadvertent data exposure.
In the context of CVE-2016-4069, CSRF allows attackers to exploit authenticated sessions to perform actions without the user's consent.
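As an added illustration of the check that closes this class of bug (not Roundcube's own code, which is PHP; this is a Python model with hypothetical names such as `handle_attachment_download` and `_token`): the attachment-download action is bound to a per-session token that a cross-site page cannot read, so a forged request that carries only the victim's session cookie is rejected before any disk-consuming work starts.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed in-memory session store: session id -> per-session CSRF token.
# Roundcube keeps equivalent state in the PHP session; this is a model only.
SESSIONS: dict[str, str] = {}


def create_session() -> str:
    """Log a user in: mint a session id and a fresh per-session CSRF token."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = secrets.token_urlsafe(32)
    return sid


@dataclass
class Request:
    cookies: dict = field(default_factory=dict)  # sent automatically by the browser
    params: dict = field(default_factory=dict)   # only the legitimate page knows the token


def handle_attachment_download(req: Request) -> tuple[int, str]:
    """Hypothetical handler for the attachment-download action.

    A cross-site forged request carries the victim's session cookie, so the
    cookie alone must never authorise the action; the request must also carry
    the per-session token, which an attacker's page cannot obtain.
    """
    sid = req.cookies.get("session")
    expected = SESSIONS.get(sid)
    if expected is None:
        return 401, "not logged in"
    supplied = req.params.get("_token", "")
    # Constant-time comparison so the check does not leak the token by timing.
    if not hmac.compare_digest(supplied, expected):
        return 403, "invalid request (missing or wrong CSRF token)"
    # Only now do the work that consumes disk (e.g. packaging attachments).
    return 200, "attachment stream"


def demo() -> tuple[int, int, int]:
    """Legitimate request, cookie-only forged request, and a guessed token."""
    sid = create_session()
    token = SESSIONS[sid]
    legit = Request(cookies={"session": sid}, params={"_token": token})
    forged = Request(cookies={"session": sid}, params={})  # cross-site: cookie only
    guessed = Request(cookies={"session": sid}, params={"_token": "x" * 43})
    return (handle_attachment_download(legit)[0],
            handle_attachment_download(forged)[0],
            handle_attachment_download(guessed)[0])
```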