CVE-2020-5239
HIGHMailu < 1.7 - Authenticated Privilege Escalation via Fetchmail Script
Title source: llmDescription
In Mailu before version 1.7, an authenticated user can exploit a vulnerability in Mailu fetchmail script and gain full access to a Mailu instance. Mailu servers that have open registration or untrusted users are most impacted. The master and 1.7 branches are patched on our git repository. All Docker images published on docker.io/mailu for tags 1.5, 1.6, 1.7 and master are patched. For detailed instructions about patching and securing the server afterwards, see https://github.com/Mailu/Mailu/issues/1354
References (2)
Core 2
Core References
Mitigation, Third Party Advisory x_refsource_confirm
https://github.com/Mailu/Mailu/security/advisories/GHSA-2467-p5gv-58q6
Third Party Advisory x_refsource_misc
https://github.com/Mailu/Mailu/issues/1354
Scores
CVSS v3
8.7
EPSS
0.0089
EPSS Percentile
54.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Details
CWE
CWE-863
Status
published
Products (1)
mailu/mailu
< 1.7
Published
Feb 13, 2020
Tracked Since
Feb 18, 2026