Red Hat Bugzilla – Bug 1026493
CVE-2013-6365 horde: CSRF in changing permissions functionality
Last modified: 2016-03-04 05:47:19 EST
A CSRF flaw was reported in the way Horde Groupware handled requests to change permissions. Due to a missing unique token in the form, an attacker with knowledge of the victim's name and address book ID could transmit unauthorized commands to Horde Groupware as the victim.
This has been fixed in git. 
Created horde tracking bugs for this issue:
Affects: fedora-all [bug 1026494]
Affects: epel-all [bug 1026496]