CVE-2011-1491
08.04.2011, 15:17
The login form in Roundcube Webmail before 0.5.1 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account and then compose an e-mail message, related to a "login CSRF" issue.Enginsight
| Vendor | Product | Version |
|---|---|---|
| roundcube | webmail | 𝑥 ≤ 0.5 |
| roundcube | webmail | 0.1 |
| roundcube | webmail | 0.1:alpha |
| roundcube | webmail | 0.1:beta |
| roundcube | webmail | 0.1:beta2 |
| roundcube | webmail | 0.1:rc1 |
| roundcube | webmail | 0.1:rc2 |
| roundcube | webmail | 0.1.1 |
| roundcube | webmail | 0.2 |
| roundcube | webmail | 0.2:alpha |
| roundcube | webmail | 0.2:beta |
| roundcube | webmail | 0.2.1 |
| roundcube | webmail | 0.3 |
| roundcube | webmail | 0.3:beta |
| roundcube | webmail | 0.3:rc1 |
| roundcube | webmail | 0.3.1 |
| roundcube | webmail | 0.4 |
| roundcube | webmail | 0.4:beta |
| roundcube | webmail | 0.4.1 |
| roundcube | webmail | 0.4.2 |
| roundcube | webmail | 0.5:beta |
| roundcube | webmail | 0.5:rc |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Common Weakness Enumeration
References