Base Score

MEDIUM5.9

CVE-2019-16791

In postfix-mta-sts-resolver before 0.5.1, All users can receive incorrect response from daemon under rare conditions, rendering downgrade of effective STS policy.

VectorNETWORK

Published Bysecurity-advisories@github.com

Published DateJan 22, 2020, 02:15

Affected Versions(1)

postfix-mta-sts-resolver(PyPI)

Introduced0

Fixed0.5.1

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
postfix-mta-sts-resolver(PyPI)	0	0.5.1	N/A

Weakness Type (CWE):NVD-CWE-Other

CVSS Metrics

Base Score

5.9

Vector String

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

HIGH

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH

References

Base Score

MEDIUM5.9

Weakness Type (CWE):NVD-CWE-Other

CVSS Metrics

Base Score

5.9

Vector String

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

HIGH

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH