CVE-2014-9587

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2014-9587

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2014-9587.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2014-9587

Related

DLA-613-1

Published

2015-01-15T15:59:21Z

Modified

2024-09-18T01:00:21Z

Summary

[none]

Details

Multiple cross-site request forgery (CSRF) vulnerabilities in Roundcube Webmail before 1.0.4 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, related to (1) address book operations or the (2) ACL or (3) Managesieve plugins.

References

Affected packages

Debian:11 / roundcube

Package

Name: roundcube
Purl: pkg:deb/debian/roundcube?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.1+dfsg.1-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / roundcube

Package

Name: roundcube
Purl: pkg:deb/debian/roundcube?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.1+dfsg.1-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / roundcube

Package

Name: roundcube
Purl: pkg:deb/debian/roundcube?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.1+dfsg.1-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}