VDB
CVE-2020-29547
CVE-2020-29547
PUBLISHED
An issue was discovered in Citadel through webcit-926. Meddler-in-the-middle attackers can pipeline commands after POP3 STLS, IMAP STARTTLS, or SMTP STARTTLS commands, injecting cleartext commands into an encrypted user session. This can lead to credential disclosure.
EPSS 0.68% · 72.1th percentile
Risk Scores
EPSS Score
0.68%
72.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | citadel | 0, 9.01-1 |
| Ubuntu:18.04:LTS | citadel | 917-2, 0, 911-1 |
| Ubuntu:20.04:LTS | citadel | 0, 917-4, 917-3 |
Exploit Intelligence
Timeline
- May 29, 2023 CVE Published
- May 30, 2023 EPSS Score
- Jul 5, 2023 EPSS Score
- Aug 10, 2023 EPSS Score
- Sep 15, 2023 EPSS Score
- Oct 21, 2023 EPSS Score
- Nov 26, 2023 EPSS Score
- Jan 1, 2024 EPSS Score
- Feb 6, 2024 EPSS Score
- Mar 14, 2024 EPSS Score
- Apr 19, 2024 EPSS Score
- May 25, 2024 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-29547 third-party-advisory
- https://uncensored.citadel.org/readfwd?go=Citadel third-party-advisory
- https://nostarttls.secvuln.info/ third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-29547 third-party-advisory