CVE-2021-20247

🗓️ 23 Feb 2021 18:45:29Reported by redhatType

cve🔗 web.nvd.nist.gov📰️ 10 Media mentions👁 211 Views

A flaw in mbsync allows malicious servers to access data outside the designated mailbo

Reporter	Title	Published	Views	Family All 36
AlpineLinux	CVE-2021-20247	23 Feb 202118:45	–	alpinelinux
ArchLinux	[ASA-202102-38] isync: directory traversal	27 Feb 202100:00	–	archlinux
Circl	CVE-2021-20247	23 Feb 202122:35	–	circl
CNNVD	Sourceforge mbsync Path Traversal Vulnerability	23 Feb 202100:00	–	cnnvd
Cvelist	CVE-2021-20247	23 Feb 202118:45	–	cvelist
Debian	[SECURITY] [DLA 3066-1] isync security update	1 Jul 202213:01	–	debian
Debian CVE	CVE-2021-20247	23 Feb 202118:45	–	debiancve
Tenable Nessus	Debian DLA-3066-1 : isync - LTS security update	1 Jul 202200:00	–	nessus
Tenable Nessus	Fedora 32 : isync (2021-954ebabcf7)	4 Mar 202100:00	–	nessus
Tenable Nessus	Fedora 33 : isync (2021-ef8c2acfce)	5 Mar 202100:00	–	nessus

NVD

Vulners

Node

mbsync_project mbsyncRange<1.3.5

mbsync_project mbsyncRange1.4.0–1.4.1

Node

fedoraproject extra_packages_for_enterprise_linuxMatch8.0

debian debian_linuxMatch9.0

fedoraproject fedoraMatch32

fedoraproject fedoraMatch33

[
  {
    "product": "isync/mbsync",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "before 1.35"
      },
      {
        "status": "affected",
        "version": "before 1.4.1"
      }
    ]
  }
]

Source	Link
lists	www.lists.debian.org/debian-lts-announce/2022/07/msg00001.html
openwall	www.openwall.com/lists/oss-security/2021/02/22/1
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
security	www.security.gentoo.org/glsa/202208-15
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CAXQLCK35QGRCRENRTGKJO4VVZGUXUJJ/
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GVDEBZQJMWDW5JFK4NTHH6DAFNAZTESW/

21 Nov 2024 05:46Current

7.1High risk

Vulners AI Score7.1

CVSS 25.8

CVSS 3.17.4

EPSS0.01695