CSRF in Horde Groupware
CVE-2015-7984
Multiple cross-site request forgery (CSRF) vulnerabilities in Horde before 5.2.8, Horde Groupware before 5.2.11, and Horde Groupware Webmail Edition before 5.2.11 allow remote attackers to hijack the authentication of administrators for re…
Vulnerability class: CSRF (Cross-Site Request Forgery)
EPSS: 0.011 (78.7th percentile)
Affected products
- Horde Groupware
- Horde Application Framework
- Debian Linux (version 8.0)
Weakness classification (CWE)
References
- [announce] 20151021 [SECURITY] Horde 5.2.8 (final) (Vendor Advisory, mailing list)
- [announce] 20151022 [SECURITY] Horde Groupware Webmail Edition 5.2.11 (final) (Vendor Advisory, mailing list)
- Exploit-DB 38765 (Exploit, Third Party Advisory, VDB Entry)
- Debian DSA-3391 (Vendor Advisory, Third Party Advisory)
- [announce] 20151022 [SECURITY] Horde Groupware 5.2.11 (final) (Vendor Advisory, mailing list)
- cve@mitre.org (Exploit)