CVE-2020-12626 — Cross-Site Request Forgery in Webmail
Severity
NVD: 6.5 MEDIUM
OSV: 6.1
EPSS
1.3%
top 20.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: May 4
Latest update: Aug 8
Description
An issue was discovered in Roundcube Webmail before 1.4.4. A CSRF attack can cause an authenticated user to be logged out because POST was not considered.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6
Patches
Vulnerability Details (4)
Vendor Advisories (5)
Oracle
Oracle Oracle Insurance Applications Risk Matrix: Architecture (Apache POI) — CVE-2017-12626 (2020-07-15)
Oracle
Oracle Oracle Communications Applications Risk Matrix: IDIH Visualization (Apache POI) — CVE-2017-12626 (2020-04-15)
Oracle
Oracle Oracle Enterprise Manager Risk Matrix: Load Testing for Web Apps (Apache POI) — CVE-2017-12626 (2020-01-15)
Debian
CVE-2020-12626: roundcube - An issue was discovered in Roundcube Webmail before 1.4.4. A CSRF attack can cau... (2020)
Community (3)
Bugzilla
CVE-2020-12626 roundcubemail: CSRF attack can cause an authenticated user to be logged out because POST was not considered [fedora-all] (2020-05-20)
Bugzilla
CVE-2020-12626 roundcubemail: CSRF attack can cause an authenticated user to be logged out because POST was not considered [epel-all] (2020-05-20)
Bugzilla
CVE-2020-12626 roundcubemail: CSRF attack can cause an authenticated user to be logged out because POST was not considered (2020-05-20)