CVE-2011-1491
EPSS 0.39%發布日:2011/4/8修改日:2026/5/29
描述
The login form in Roundcube Webmail before 0.5.1 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account and then compose an e-mail message, related to a "login CSRF" issue.
受影響套件(1)
- Debian/roundcubefrom 0, < 0.5.1-1