Home > Vulnerability Database > CVE-2020-29547

Mend.io Vulnerability Database

CVE-2020-29547

Date: May 29, 2023

An issue was discovered in Citadel through webcit-926. Meddler-in-the-middle attackers can pipeline commands after POP3 STLS, IMAP STARTTLS, or SMTP STARTTLS commands, injecting cleartext commands into an encrypted user session. This can lead to credential disclosure.

Severity Score

5.9

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-29547

Url: https://security-tracker.debian.org/tracker/CVE-2020-29547

Url: http://uncensored.citadel.org/msg/4576039

Url: http://uncensored.citadel.org/dotgoto?room=Citadel%20Security

Url: https://www.mend.io/vulnerability-database/CVE-2020-29547

Severity Score

5.9

Weakness Type (CWE)

Command Injection

CWE-77

CVSS v3.1

Base Score:	5.9
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2020-29547

Date: May 29, 2023

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?