PT-2020-18335 · Mailu · Mailu

High · kaiyou · Published 2020-02-13 · Updated 2020-02-18 · CVE-2020-5239

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Mailu versions prior to 1.7

Description

An authenticated user can exploit a vulnerability in the Mailu fetchmail script and gain full access to a Mailu instance. Mailu servers with open registration or untrusted users are most impacted.

Recommendations

For versions prior to 1.7, update to version 1.7 or later; the master and 1.7 branches are patched in the git repository. Additionally, use the patched Docker images published on docker.io/mailu for tags 1.5, 1.6, 1.7, and master. Follow the detailed instructions about patching and securing the server afterwards.

Fix

Incorrect Authorization

Weakness Enumeration

Related Identifiers

CVE-2020-5239
GHSA-2467-P5GV-58Q6

Affected Products

Mailu