Bugzilla – Bug 848974
VUL-0: CVE-2013-6365: horde5: CSRF in changing permissions functionality
Last modified: 2017-07-12 09:37:16 UTC
CVE-2013-6365

A CSRF flaw was reported in the way Horde Groupware handled requests to change permissions. Due to a missing unique token in the form, an attacker with knowledge of the victim's name and address book ID could transmit unauthorized commands to Horde Groupware as the victim.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1026493
http://www.securityfocus.com/archive/1/529590 (proof of concept)
http://bugs.horde.org/ticket/12804
https://github.com/horde/horde/commit/b79114d08ee8c8e43e74a179741749529f6d885c (fix)
bugbot adjusting priority
ping?
Dear maintainer, this was fixed in:

------
v5.1.5
------

[jan] SECURITY: Protect against CSRF attacks on share permissions form (Bug #12804, CVE-2013-6365).

openSUSE 13.1 and 13.2 are affected. Note the additional CSRF in the bug. Are you able to provide a fixed package through openSUSE:Maintenance?
Factory version and therefore Leap isn't affected.