PT-2020-3643 · Roundcube+3 · Roundcube Webmail+3

Xudongzheng

·

Published

2020-04-30

·

Updated

2024-03-06

·

CVE-2020-12626

CVSS v2.0

7.1

High

VectorAV:N/AC:M/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions Roundcube Webmail versions prior to 1.4.4
Description The issue is related to a CSRF attack that can cause an authenticated user to be logged out. This is because POST was not considered, leading to insufficient protection against cross-site request forgery. The exploitation of this issue may allow a remote attacker to cause a denial of service.
Recommendations For versions prior to 1.4.4, update to version 1.4.4 or later to resolve the issue. As a temporary workaround, consider implementing additional CSRF protection measures to minimize the risk of exploitation.

Exploit

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

ALT-PU-2020-1898
ALT-PU-2020-2367
BDU:2020-03991
BIT-ROUNDCUBE-2020-12626
CVE-2020-12626
DSA-4674-1
MGASA-2020-0206
USN-5182-1

Affected Products

Alt Linux
Linuxmint
Roundcube Webmail
Ubuntu