vulnerability

Oracle Linux: CVE-2019-19783: ELSA-2020-4655: cyrus-imapd security update (MODERATE) (Multiple Advisories)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:L/Au:S/C:N/I:C/A:N)	2019-12-19	2020-11-12	2024-11-27

Severity

CVSS

(AV:N/AC:L/Au:S/C:N/I:C/A:N)

Published

2019-12-19

Added

2020-11-12

Modified

2024-11-27

Description

An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. If sieve script uploading is allowed (3.x) or certain non-default sieve options are enabled (2.x), a user with a mail account on the service can use a sieve script containing a fileinto directive to create any mailbox with administrator privileges, because of folder mishandling in autosieve_createfolder() in imap/lmtp_sieve.c.

Solution(s)

oracle-linux-upgrade-cyrus-imapdoracle-linux-upgrade-cyrus-imapd-utilsoracle-linux-upgrade-cyrus-imapd-vzic

References

CVE-2019-19783
https://attackerkb.com/topics/CVE-2019-19783
ELSA-ELSA-2020-4655

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today