Vulnerability Description
In Mailu before version 1.7, an authenticated user can exploit a vulnerability in Mailu fetchmail script and gain full access to a Mailu instance. Mailu servers that have open registration or untrusted users are most impacted. The master and 1.7 branches are patched on our git repository. All Docker images published on docker.io/mailu for tags 1.5, 1.6, 1.7 and master are patched. For detailed instructions about patching and securing the server afterwards, see https://github.com/Mailu/Mailu/issues/1354
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mailu | Mailu | < 1.7 |
Related Weaknesses (CWE)
References
- https://github.com/Mailu/Mailu/issues/1354Third Party Advisory
- https://github.com/Mailu/Mailu/security/advisories/GHSA-2467-p5gv-58q6MitigationThird Party Advisory
- https://github.com/Mailu/Mailu/issues/1354Third Party Advisory
- https://github.com/Mailu/Mailu/security/advisories/GHSA-2467-p5gv-58q6MitigationThird Party Advisory
FAQ
What is CVE-2020-5239?
CVE-2020-5239 is a vulnerability with a CVSS score of 8.7 (HIGH). In Mailu before version 1.7, an authenticated user can exploit a vulnerability in Mailu fetchmail script and gain full access to a Mailu instance. Mailu servers that have open registration or untruste...
How severe is CVE-2020-5239?
CVE-2020-5239 has been rated HIGH with a CVSS base score of 8.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-5239?
Check the references section above for vendor advisories and patch information. Affected products include: Mailu Mailu.