vulnerability
Oracle Linux: CVE-2019-19783: ELSA-2020-4655: cyrus-imapd security update (MODERATE) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:S/C:N/I:C/A:N) | Dec 19, 2019 | Nov 12, 2020 | Nov 27, 2024 |
Severity
7
CVSS
(AV:N/AC:L/Au:S/C:N/I:C/A:N)
Published
Dec 19, 2019
Added
Nov 12, 2020
Modified
Nov 27, 2024
Description
An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. If sieve script uploading is allowed (3.x) or certain non-default sieve options are enabled (2.x), a user with a mail account on the service can use a sieve script containing a fileinto directive to create any mailbox with administrator privileges, because of folder mishandling in autosieve_createfolder() in imap/lmtp_sieve.c.
Solutions
oracle-linux-upgrade-cyrus-imapdoracle-linux-upgrade-cyrus-imapd-utilsoracle-linux-upgrade-cyrus-imapd-vzic
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.