Vulnerabilities > CVE-2019-5966 - Authorization Bypass Through User-Controlled Key vulnerability in Joruri Mail 2.1.4

047910
CVSS 5.4 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
LOW
Availability impact
NONE
network
low complexity
joruri
CWE-639
NVD
Published: 2019-07-05
Updated: 2020-08-24

Summary

Joruri Mail 2.1.4 and earlier does not properly manage sessions, which allows remote attackers to impersonate an arbitrary user and alter/disclose the information via unspecified vectors.

Vulnerable Configurations

Part Description Count
Application
Joruri
1

Common Weakness Enumeration (CWE)

References