{"id":"CVE-2016-4069","details":"Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail before 1.1.5 allows remote attackers to hijack the authentication of users for requests that download attachments and cause a denial of service (disk consumption) via unspecified vectors.","modified":"2026-04-16T01:48:29.767537120Z","published":"2016-08-25T18:59:00.097Z","references":[{"type":"WEB","url":"http://www.securityfocus.com/bid/92654"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-updates/2016-08/msg00079.html"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2016/04/23/4"},{"type":"ADVISORY","url":"https://github.com/roundcube/roundcubemail/releases/tag/1.1.5"},{"type":"ADVISORY","url":"https://github.com/roundcube/roundcubemail/wiki/Changelog#release-115"},{"type":"REPORT","url":"https://github.com/roundcube/roundcubemail/commit/4a408843b0ef816daf70a472a02b78cd6073a4d5"},{"type":"REPORT","url":"https://github.com/roundcube/roundcubemail/commit/699af1e5206ed9114322adaa3c25c1c969640a53"},{"type":"REPORT","url":"https://github.com/roundcube/roundcubemail/issues/4957"},{"type":"FIX","url":"https://github.com/roundcube/roundcubemail/commit/4a408843b0ef816daf70a472a02b78cd6073a4d5"},{"type":"FIX","url":"https://github.com/roundcube/roundcubemail/commit/699af1e5206ed9114322adaa3c25c1c969640a53"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2016/04/23/4"},{"type":"ARTICLE","url":"https://github.com/roundcube/roundcubemail/issues/4957"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/roundcube/roundcubemail","events":[{"introduced":"0"},{"fixed":"25bc871ee79a6d469822d999b09c9b5d73fccf1f"},{"introduced":"0"},{"fixed":"4a408843b0ef816daf70a472a02b78cd6073a4d5"},{"introduced":"0"},{"fixed":"699af1e5206ed9114322adaa3c25c1c969640a53"}]}],"versions":["1.1-beta","1.1-rc","1.1.0","1.1.1","1.1.2","1.1.3","1.1.4","1.2-beta","v0.1-beta2","v1.0-beta"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-4069.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}