An issue exists in Cyrus IMAP prior to 2.5.15, 3.0.x prior to 3.0.13, and 3.1.x up to and including 3.1.8. If sieve script uploading is allowed (3.x) or certain non-default sieve options are enabled (2.x), a user with a mail account on the service can use a sieve script containing a fileinto directive to create any mailbox with administrator privileges, because of folder mishandling in autosieve_createfolder() in imap/lmtp_sieve.c.
Vulnerable Product |
---|
cyrus imap |
debian debian linux 9.0 |
debian debian linux 10.0 |
fedoraproject fedora 30 |
fedoraproject fedora 31 |
canonical ubuntu linux 18.04 |