Vulnerability Details CVE-2020-29547
An issue was discovered in Citadel through webcit-926. Meddler-in-the-middle attackers can pipeline commands after POP3 STLS, IMAP STARTTLS, or SMTP STARTTLS commands, injecting cleartext commands into an encrypted user session. This can lead to credential disclosure.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 54.3%
CVSS Severity
CVSS v3 Score 5.9
Products affected by CVE-2020-29547
- cpe:2.3:a:citadel:webcit:-
- cpe:2.3:a:citadel:webcit:7.10
- cpe:2.3:a:citadel:webcit:7.86
- cpe:2.3:a:citadel:webcit:7.87
- cpe:2.3:a:citadel:webcit:8.01
- cpe:2.3:a:citadel:webcit:8.02
- cpe:2.3:a:citadel:webcit:8.03
- cpe:2.3:a:citadel:webcit:8.05
- cpe:2.3:a:citadel:webcit:8.06
- cpe:2.3:a:citadel:webcit:8.12
- cpe:2.3:a:citadel:webcit:8.13
- cpe:2.3:a:citadel:webcit:8.14
- cpe:2.3:a:citadel:webcit:8.16
- cpe:2.3:a:citadel:webcit:8.20
- cpe:2.3:a:citadel:webcit:8.22
- cpe:2.3:a:citadel:webcit:8.23
- cpe:2.3:a:citadel:webcit:8.24
- cpe:2.3:a:citadel:webcit:9.01
- cpe:2.3:a:citadel:webcit:902
- cpe:2.3:a:citadel:webcit:926