CVE-2019-16791 MEDIUM

CVE-2019-16791: downgrade of effective Strict Transport Security (STS) policy in postfix-mta-sts-resolver

Vendor: Snawoot
Product: postfix-mta-sts-resolver
Weakness: CWE-757
Published: January 22, 2020
Last update: August 5, 2024

CVSS base score

6.9/10
Attack vector: Local
Attack complexity: High
Privileges required: High
User interaction: Required
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N

What the vulnerability does

01 Description

In postfix-mta-sts-resolver before 0.5.1, all users can receive an incorrect response from the daemon under rare conditions, resulting in a downgrade of the effective STS policy.

Key dates

02 Disclosure timeline

January 22, 2020: CVE published
August 5, 2024: Record updated