vulnerability
Ubuntu: USN-4566-1 (CVE-2019-19783): Cyrus IMAP Server vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:S/C:N/I:P/A:N) | Dec 16, 2019 | Oct 6, 2020 | Mar 27, 2026 |
Severity
4
CVSS
(AV:N/AC:M/Au:S/C:N/I:P/A:N)
Published
Dec 16, 2019
Added
Oct 6, 2020
Modified
Mar 27, 2026
Description
An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. If sieve script uploading is allowed (3.x) or certain non-default sieve options are enabled (2.x), a user with a mail account on the service can use a sieve script containing a fileinto directive to create any mailbox with administrator privileges, because of folder mishandling in autosieve_createfolder() in imap/lmtp_sieve.c.
Solutions
ubuntu-upgrade-cyrus-adminubuntu-upgrade-cyrus-caldavubuntu-upgrade-cyrus-commonubuntu-upgrade-cyrus-imapdubuntu-upgrade-cyrus-replication
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.