Lucene search

K

Veracode Vulnerability DatabaseVERACODE:27796

HistoryNov 05, 2020 - 3:10 a.m.

Privilege Escalation

2020-11-0503:10:39

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

14

cyrus-imapd

privilege escalation

vulnerability

fileinto

acl checks

EPSS

0.001

Percentile

45.4%

cyrus-imapd is vulnerable to privilege escalation. It is possible in component created mailboxes with administrator privileges if the “fileinto” was used, bypassing ACL checks.

References

access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/

access.redhat.com/errata/RHSA-2020:4655

access.redhat.com/security/updates/classification/#moderate

lists.fedoraproject.org/archives/list/[email protected]/message/2DIV4HQ6LG5GPRO4B5Z2NHCZUPBUVVVF/

lists.fedoraproject.org/archives/list/[email protected]/message/6IGOO5UGEBBDPN7B2YXLK7I7L3Y35EBA/

seclists.org/bugtraq/2019/Dec/38

security.gentoo.org/glsa/202006-23

usn.ubuntu.com/4566-1/

www.cyrusimap.org/imap/download/release-notes/2.5/x/2.5.15.html

www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.13.html

www.debian.org/security/2019/dsa-4590

EPSS

0.001

Percentile

45.4%

Related for VERACODE:27796

prion1 debiancve1 cve1 openvas6 debian1 nessus12 osv3 altlinux2 ubuntucve1 mageia1 cvelist1 nvd1 redhatcve1 gentoo1 fedora2 ubuntu1 oraclelinux1 almalinux1 redhat1