{"id":"DEBIAN-CVE-2011-1491","details":"The login form in Roundcube Webmail before 0.5.1 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account and then compose an e-mail message, related to a \"login CSRF\" issue.","modified":"2026-05-10T17:02:46.379294Z","published":"2011-04-08T15:17:28.400Z","upstream":["CVE-2011-1491"],"references":[{"type":"ADVISORY","url":"https://security-tracker.debian.org/tracker/CVE-2011-1491"}],"affected":[{"package":{"name":"roundcube","ecosystem":"Debian:11","purl":"pkg:deb/debian/roundcube?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.5.1-1"}]}],"ecosystem_specific":{"urgency":"low"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2011-1491.json"}},{"package":{"name":"roundcube","ecosystem":"Debian:12","purl":"pkg:deb/debian/roundcube?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.5.1-1"}]}],"ecosystem_specific":{"urgency":"low"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2011-1491.json"}},{"package":{"name":"roundcube","ecosystem":"Debian:13","purl":"pkg:deb/debian/roundcube?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.5.1-1"}]}],"ecosystem_specific":{"urgency":"low"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2011-1491.json"}}],"schema_version":"1.7.5"}