Roundcube · Roundcube Webmail · CVE-2016-4069
**Name of the Vulnerable Software and Affected Versions**
Roundcube Webmail versions prior to 1.1.5
**Description**
A cross-site request forgery (CSRF) issue allows remote attackers to hijack user authentication for requests that download attachments, potentially causing a denial of service due to disk consumption.
**Recommendations**
For versions prior to 1.1.5, update to version 1.1.5 or later to resolve the issue.