Vulnerability Name:

CVE-2019-19783 (CCN-173151)

Assigned:2019-12-13
Published:2019-12-13
Updated:2022-05-03
Summary:An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. If sieve script uploading is allowed (3.x) or certain non-default sieve options are enabled (2.x), a user with a mail account on the service can use a sieve script containing a fileinto directive to create any mailbox with administrator privileges, because of folder mishandling in autosieve_createfolder() in imap/lmtp_sieve.c.
CVSS v3 Severity:6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)
5.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): High
Availibility (A): None
8.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
7.7 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
6.5 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)
5.7 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): High
Availibility (A): None
CVSS v2 Severity:3.5 Low (CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-269
CWE-287
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2019-19783

Source: XF
Type: UNKNOWN
cyrus-imap-cve201919783-priv-esc(173151)

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2019-7938c21723

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2019-ad23a4522d

Source: BUGTRAQ
Type: Mailing List, Third Party Advisory
20191219 [SECURITY] [DSA 4590-1] cyrus-imapd security update

Source: CCN
Type: BugTraq Mailing List, Thu, 19 Dec 2019 22:54:18 +0000
[SECURITY] [DSA 4590-1] cyrus-imapd security update

Source: GENTOO
Type: Third Party Advisory
GLSA-202006-23

Source: UBUNTU
Type: Third Party Advisory
USN-4566-1

Source: CCN
Type: Cyrus IMAP Web site
Cyrus IMAP 2.5.15 Release Notes

Source: MISC
Type: Patch, Release Notes, Vendor Advisory
https://www.cyrusimap.org/imap/download/release-notes/2.5/x/2.5.15.html

Source: MISC
Type: Patch, Release Notes, Vendor Advisory
https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.13.html

Source: DEBIAN
Type: Third Party Advisory
DSA-4590

Vulnerable Configuration:Configuration 1:
  • cpe:/a:cyrus:imap:*:*:*:*:*:*:*:* (Version >= 2.5.0 and < 2.5.15)
  • OR cpe:/a:cyrus:imap:*:*:*:*:*:*:*:* (Version >= 3.0.0 and < 3.0.13)
  • OR cpe:/a:cyrus:imap:*:*:*:*:*:*:*:* (Version >= 3.1.0 and < 3.1.8)

    • Configuration 2:
  • cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/o:fedoraproject:fedora:30:*:*:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora:31:*:*:*:*:*:*:*

    • Configuration 4:
  • cpe:/o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

    • Configuration RedHat 1:
  • cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:cyrus:imap:2.5.14:*:*:*:*:*:*:*
  • OR cpe:/a:cyrus:imap:3.0.12:*:*:*:*:*:*:*
  • OR cpe:/a:cyrus:imap:3.1.7:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:com.redhat.rhsa:def:20204655
    P
    		RHSA-2020:4655: cyrus-imapd security update (Moderate)
    2020-11-04
    oval:com.ubuntu.disco:def:2019197830000000
    V
    		CVE-2019-19783 on Ubuntu 19.04 (disco) - medium.
    2019-12-16
    oval:com.ubuntu.bionic:def:2019197830000000
    V
    		CVE-2019-19783 on Ubuntu 18.04 LTS (bionic) - medium.
    2019-12-16
    BACK
    cyrus imap *
    cyrus imap *
    cyrus imap *
    debian debian linux 9.0
    debian debian linux 10.0
    fedoraproject fedora 30
    fedoraproject fedora 31
    canonical ubuntu linux 18.04
    cyrus imap 2.5.14
    cyrus imap 3.0.12
    cyrus imap 3.1.7