CSRF Vulnerability in Horde Groupware Web Mail by Horde Group
CVE-2013-6365

5.3MEDIUM

Key Information:

Vendor

Horde

Status
Vendor
CVE Published:
5 November 2019

What is CVE-2013-6365?

A Cross-Site Request Forgery (CSRF) vulnerability exists in Horde Groupware Web Mail version 5.1.2. This flaw allows an attacker to send crafted requests that can change permissions without the affected user's consent. The vulnerability poses a risk as it may lead to unauthorized access or manipulation of user settings, compromising the integrity of user accounts and data. It is crucial for users to implement security measures, such as using anti-CSRF tokens and monitoring account activity, to mitigate the potential risks associated with this vulnerability.

References

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.