{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-03-24T00:00:00", "descriptions": [{"lang": "en", "value": "The login form in Roundcube Webmail before 0.5.1 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account and then compose an e-mail message, related to a \"login CSRF\" issue."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[oss-security] 20110324 CVE request: roundcube < 0.5.1 CSRF", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/24/3"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://trac.roundcube.net/changeset/4490"}, {"name": "[oss-security] 20110324 Re: CVE request: roundcube < 0.5.1 CSRF", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/03/24/4"}, {"name": "[oss-security] 20110404 Re: CVE request: roundcube < 0.5.1 CSRF", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/04/04/50"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://trac.roundcube.net/wiki/Changelog"}, {"name": "roundcube-login-info-disclosure(66815)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66815"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T22:28:41.705Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20110324 CVE request: roundcube < 0.5.1 CSRF", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/24/3"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://trac.roundcube.net/changeset/4490"}, {"name": "[oss-security] 20110324 Re: CVE request: roundcube < 0.5.1 CSRF", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/03/24/4"}, {"name": "[oss-security] 20110404 Re: CVE request: roundcube < 0.5.1 CSRF", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/04/04/50"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://trac.roundcube.net/wiki/Changelog"}, {"name": "roundcube-login-info-disclosure(66815)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66815"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-1491", "datePublished": "2011-04-08T15:00:00", "dateReserved": "2011-03-21T00:00:00", "dateUpdated": "2024-08-06T22:28:41.705Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*", "matchCriteriaId": "2E961628-4624-4095-8CE6-698F66BF462B", "versionEndIncluding": "0.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:roundcube:webmail:0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4C785B00-7F4D-4EBD-A9FA-726D4D35E5D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:roundcube:webmail:0.1:alpha:*:*:*:*:*:*", "matchCriteriaId": "8F433741-5F73-43B5-A522-C484C64C66A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:roundcube:webmail:0.1:beta:*:*:*:*:*:*", "matchCriteriaId": "09DF755B-041E-4A61-BEF6-A613F6F0CE13", "vulnerable": true}, {"criteria": "cpe:2.3:a:roundcube:webmail:0.1:beta2:*:*:*:*:*:*", "matchCriteriaId": "34D20437-7DE7-4DB8-8C11-37B09A87E3A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:roundcube:webmail:0.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "55FB4AA3-3528-46B7-BBB9-9185DAA5425C", "vulnerable": true}, {"criteria": "cpe:2.3:a:roundcube:webmail:0.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "066AA2BC-95A8-43E8-A1FE-9F15860691E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:roundcube:webmail:0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "82FB886B-35A4-4A8C-AE18-62C845886018", "vulnerable": true}, {"criteria": "cpe:2.3:a:roundcube:webmail:0.2:*:*:*:*:*:*:*", "matchCriteriaId": "83FF6973-9BAC-4DF2-BACE-42F0D9340A27", "vulnerable": true}, {"criteria": "cpe:2.3:a:roundcube:webmail:0.2:alpha:*:*:*:*:*:*", "matchCriteriaId": "EB6449FD-C6EE-497C-BE34-88900883AD09", "vulnerable": true}, {"criteria": "cpe:2.3:a:roundcube:webmail:0.2:beta:*:*:*:*:*:*", "matchCriteriaId": "0CEF8BF6-E09F-4376-B089-9B722A84F591", "vulnerable": true}, {"criteria": "cpe:2.3:a:roundcube:webmail:0.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "946B0B6A-46D3-46B9-BD1E-B03D3339EEB3", "vulnerable": true}, {"criteria": "cpe:2.3:a:roundcube:webmail:0.3:*:*:*:*:*:*:*", "matchCriteriaId": "D4D6EA96-EE58-47C3-B545-7238B3F64941", "vulnerable": true}, {"criteria": "cpe:2.3:a:roundcube:webmail:0.3:beta:*:*:*:*:*:*", "matchCriteriaId": "3584BB62-818D-4A5B-BC7D-EAB0B85614EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:roundcube:webmail:0.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "332FF744-3682-4818-9602-8F868BF0781E", "vulnerable": true}, {"criteria": "cpe:2.3:a:roundcube:webmail:0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "2B502047-4DDD-4586-978C-6CEE1C41F923", "vulnerable": true}, {"criteria": "cpe:2.3:a:roundcube:webmail:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "43581564-48CF-410C-9CE1-CBAE71153DA5", "vulnerable": true}, {"criteria": "cpe:2.3:a:roundcube:webmail:0.4:beta:*:*:*:*:*:*", "matchCriteriaId": "6A5CC548-05E4-4059-8252-FA78ECBB95A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:roundcube:webmail:0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "C3FA495A-D7FE-4461-AF57-EB649A1C49B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:roundcube:webmail:0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "2D773E61-113A-4EE8-804E-0584B73AB58D", "vulnerable": true}, {"criteria": "cpe:2.3:a:roundcube:webmail:0.5:beta:*:*:*:*:*:*", "matchCriteriaId": "FC0D4825-F78E-40F5-A9CB-45B73DE8FBD4", "vulnerable": true}, {"criteria": "cpe:2.3:a:roundcube:webmail:0.5:rc:*:*:*:*:*:*", "matchCriteriaId": "9C8376B9-4DF2-4E23-9C43-EEDE3D800519", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The login form in Roundcube Webmail before 0.5.1 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account and then compose an e-mail message, related to a \"login CSRF\" issue."}, {"lang": "es", "value": "El formulario de login en Roundcube Webmail anterior a v0.5.1 no maneja correctamente un intento de login no intencionado, lo que hace m\u00e1s f\u00e1cil para usuarios remotos autenticados de obtener informaci\u00f3n sensible haciendo que una v\u00edctima haga login en la cuenta del atacante para luego componer un e-mail, relacionado con un problema de \"login CSRF\"."}], "id": "CVE-2011-1491", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2011-04-08T15:17:28.400", "references": [{"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/24/3"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://openwall.com/lists/oss-security/2011/03/24/4"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://openwall.com/lists/oss-security/2011/04/04/50"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://trac.roundcube.net/changeset/4490"}, {"source": "secalert@redhat.com", "url": "http://trac.roundcube.net/wiki/Changelog"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66815"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/24/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://openwall.com/lists/oss-security/2011/03/24/4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://openwall.com/lists/oss-security/2011/04/04/50"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://trac.roundcube.net/changeset/4490"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://trac.roundcube.net/wiki/Changelog"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66815"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}