CVE-2019-20790

Name: CVE-2019-20790
Description: OpenDMARC through 1.3.2 and 1.4.x, when used with pypolicyd-spf 2.0.2, allows attacks that bypass SPF and DMARC authentication in situations where the HELO field is inconsistent with the MAIL FROM field.
NVD Severity: high

References

Type URI
Exploit https://sourceforge.net/p/opendmarc/tickets/235/
Exploit https://bugs.launchpad.net/pypolicyd-spf/+bug/1838816
Technical Description https://www.usenix.org/system/files/sec20fall_chen-jianjun_prepub_0.pdf
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D4JGHMALEJEWWG56DKR5OZB22TK7W5B/
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KBOGOQOK3TIWWJV66MW5YWNRJAFFYGR5/
