vulnerability
Ubuntu: USN-4566-1 (CVE-2019-19783): Cyrus IMAP Server vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:S/C:N/I:P/A:N) | Dec 16, 2019 | Oct 6, 2020 | Mar 22, 2023 |
Severity
4
CVSS
(AV:N/AC:M/Au:S/C:N/I:P/A:N)
Published
Dec 16, 2019
Added
Oct 6, 2020
Modified
Mar 22, 2023
Description
An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. If sieve script uploading is allowed (3.x) or certain non-default sieve options are enabled (2.x), a user with a mail account on the service can use a sieve script containing a fileinto directive to create any mailbox with administrator privileges, because of folder mishandling in autosieve_createfolder() in imap/lmtp_sieve.c.
Solution(s)
ubuntu-upgrade-cyrus-adminubuntu-upgrade-cyrus-caldavubuntu-upgrade-cyrus-commonubuntu-upgrade-cyrus-imapdubuntu-upgrade-cyrus-replication
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.