CVE-2021-37845

An issue was discovered in Citadel through webcit-932. A meddler-in-the-middle attacker can fixate their own session during the cleartext phase before a STARTTLS command (a violation of "The STARTTLS command is only valid in non-authenticated state." in RFC2595). This potentially allows an attacker to cause a victim's e-mail messages to be stored into an attacker's IMAP mailbox, but depends on details of the victim's client behavior.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.7 LOW
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
3.7 LOW
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 26%
VendorProductVersion
citadelwebcit
𝑥
≤ 932
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
citadel
noble
dne
mantic
dne
lunar
dne
kinetic
dne
jammy
dne
impish
ignored
hirsute
ignored
focal
needs-triage
bionic
needs-triage
xenial
needs-triage
trusty
dne
References
http://uncensored.citadel.org/dotgoto?room=Citadel%20Security
https://nostarttls.secvuln.info/
https://uncensored.citadel.org/msg/2099264259
http://uncensored.citadel.org/dotgoto?room=Citadel%20Security
https://nostarttls.secvuln.info/
https://uncensored.citadel.org/msg/2099264259