GitHub Advisory DatabaseGHSA-VC2P-R46X-M3VXArgument injection in lettre
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
0.001 Low
EPSS
Percentile
32.7%
Impact
Affected versions of lettre allowed argument injection to the sendmail command. It was possible, using forged to addresses, to pass arbitrary arguments to the sendmail executable.
Depending on the implementation (original sendmail, postfix, exim, etc.) it could be possible in some cases to write email data into abritrary files (using sendmail’s logging features).
NOTE: This vulnerability only affects the sendmail transport. Others, including smtp, are not affected.
Fix
The flaw is corrected by modifying the executed command to stop parsing arguments before passing the destination addresses.
References
Affected configurations
References
github.com/advisories/GHSA-vc2p-r46x-m3vx
github.com/lettre/lettre/pull/508/commits/bbe7cc5381c5380b54fb8bbb4f77a3725917ff0b
github.com/lettre/lettre/security/advisories/GHSA-vc2p-r46x-m3vx
github.com/RustSec/advisory-db/pull/478/files
nvd.nist.gov/vuln/detail/CVE-2020-28247
rustsec.org/advisories/RUSTSEC-2020-0069.html
Related
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
0.001 Low
EPSS
Percentile
32.7%