vulnerability
CentOS Linux: CVE-2019-19783: Moderate: cyrus-imapd security update (CESA-2020:4655)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:S/C:N/I:P/A:N) | Dec 16, 2019 | Nov 5, 2020 | May 25, 2023 |
Severity
4
CVSS
(AV:N/AC:M/Au:S/C:N/I:P/A:N)
Published
Dec 16, 2019
Added
Nov 5, 2020
Modified
May 25, 2023
Description
An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. If sieve script uploading is allowed (3.x) or certain non-default sieve options are enabled (2.x), a user with a mail account on the service can use a sieve script containing a fileinto directive to create any mailbox with administrator privileges, because of folder mishandling in autosieve_createfolder() in imap/lmtp_sieve.c.
Solutions
centos-upgrade-cyrus-imapdcentos-upgrade-cyrus-imapd-debuginfocentos-upgrade-cyrus-imapd-debugsourcecentos-upgrade-cyrus-imapd-utilscentos-upgrade-cyrus-imapd-utils-debuginfocentos-upgrade-cyrus-imapd-vziccentos-upgrade-cyrus-imapd-vzic-debuginfo
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.