Lucene search

[email protected]CVE-2020-29547

HistoryMay 29, 2023 - 7:15 p.m.

CVE-2020-29547

2023-05-2919:15:09

CWE-77

[email protected]

web.nvd.nist.gov

citadel

webcit

vulnerability

cve-2020-29547

meddler-in-the-middle

credential disclosure

nvd

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.9%

JSON

An issue was discovered in Citadel through webcit-926. Meddler-in-the-middle attackers can pipeline commands after POP3 STLS, IMAP STARTTLS, or SMTP STARTTLS commands, injecting cleartext commands into an encrypted user session. This can lead to credential disclosure.

Affected configurations

NVD

Node

citadelwebcitRange≤926

CPENameOperatorVersion
citadel:webcitcitadel webcitle926

CPE	Name	Operator	Version
citadel:webcit	citadel webcit	le	926

References

uncensored.citadel.org/dotgoto?room=Citadel%20Security

uncensored.citadel.org/msg/4576039

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.9%

JSON

Related for CVE-2020-29547

nvd1 ubuntucve1 prion1 debiancve1 cvelist1