CVE-2019-19702
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
The modoboa-dmarc plugin 1.1.0 for Modoboa is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this to perform a denial of service against the DMARC reporting functionality, such as by referencing the /dev/random file within XML documents that are emailed to the address in the rua field of the DMARC records of a domain.
El plugin modoboa-dmarc versión 1.1.0 para Modoboa, es vulnerable a un ataque de inyección XML External Entity (XXE) al procesar datos XML. Un atacante remoto podría explotar esto para llevar a cabo una denegación de servicio contra la funcionalidad de reportes DMARC, tal y como al hacer referencia al archivo /dev/random dentro de documentos XML que son enviados por correo electrónico a la dirección en el campo rua de los registros DMARC de un dominio.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-12-10 CVE Reserved
- 2019-12-10 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-611: Improper Restriction of XML External Entity Reference
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/modoboa/modoboa-dmarc/issues/38 | 2024-08-05 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Modoboa Search vendor "Modoboa" | Modoboa-dmarc Search vendor "Modoboa" for product "Modoboa-dmarc" | 1.1.0 Search vendor "Modoboa" for product "Modoboa-dmarc" and version "1.1.0" | modoboa |
Affected
| ||||||