CVE-2020-5239

EPSS 0.45%
Veröffentlicht 13.02.2020 01:15:11
Zuletzt bearbeitet 21.11.2024 05:33:44
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

In Mailu before version 1.7, an authenticated user can exploit a vulnerability in Mailu fetchmail script and gain full access to a Mailu instance. Mailu servers that have open registration or untrusted users are most impacted. The master and 1.7 branches are patched on our git repository. All Docker images published on docker.io/mailu for tags 1.5, 1.6, 1.7 and master are patched. For detailed instructions about patching and securing the server afterwards, see https://github.com/Mailu/Mailu/issues/1354

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mailu ≫ Mailu Version < 1.7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.45%	0.629

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P
security-advisories@github.com	8.7	2.3	5.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://github.com/Mailu/Mailu/issues/1354

Third Party Advisory

https://github.com/Mailu/Mailu/security/advisories/GHSA-2467-p5gv-58q6

Third Party Advisory

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2020-5239

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-5239

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-5239

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2020-5239