VDB
CNVD-2016-02713
CNVD-2016-02713
PUBLISHED
RoundCube Webmail是一款基于浏览器的IMAP客户端(邮件客户端)。 RoundCube Webmail中存在跨站请求伪造漏洞,攻击者可通过发送GET请求(‘_download’参数设置为1),利用该漏洞下载消息附件。
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
Timeline
- Apr 26, 2016 CVE ID Reserved
- May 4, 2016 CVE Published
- Jun 25, 2026 Security Advisory
References
- 92654 vdb
- https://github.com/roundcube/roundcubemail/wiki/Changelog#release-115 url
- https://github.com/roundcube/roundcubemail/issues/4957 url
- openSUSE-SU-2016:2109 vendor-advisory
- [oss-security] 20160423 Re: CVE Request: Roundcube: XSS issue in SVG image handling and protection for download urs against CSRF mailing-list
- https://github.com/roundcube/roundcubemail/commit/4a408843b0ef816daf70a472a02b78cd6073a4d5 url
- https://github.com/roundcube/roundcubemail/commit/699af1e5206ed9114322adaa3c25c1c969640a53 url
- https://github.com/roundcube/roundcubemail/releases/tag/1.1.5 url