Security Advisory

CVE-2020-27742

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-10-28 18:44:36

Last updated 2024-08-04 16:18:45

Assigner mitre

State PUBLISHED

Description

An Insecure Direct Object Reference vulnerability in Citadel WebCit through 926 allows authenticated remote attackers to read someone elses emails via the msg_confirm_move template. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread.

← Browse all CVEs View on cve.org ↗