CVE-2019-20790

Severity: Low
Remote: Yes
Type: Authentication bypass
Description
OpenDMARC before 1.4.1, when used with pypolicyd-spf 2.0.2, allows attacks that bypass SPF and DMARC authentication in situations where the HELO field is inconsistent with the MAIL FROM field.
Group     Package    Affected  Fixed      Severity  Status  Ticket
AVG-1375  opendmarc  1.4.0-2   1.4.1.1-1  Medium    Fixed
Date         Advisory       Group     Package    Severity  Type
19 May 2021  ASA-202105-13  AVG-1375  opendmarc  Medium    multiple issues
References
https://github.com/trusteddomainproject/OpenDMARC/blob/develop/SECURITY/CVE-2019-20970
https://bugs.launchpad.net/pypolicyd-spf/+bug/1838816
https://sourceforge.net/p/opendmarc/tickets/235/
https://www.usenix.org/system/files/sec20fall_chen-jianjun_prepub_0.pdf
https://github.com/trusteddomainproject/OpenDMARC/issues/49
https://github.com/trusteddomainproject/OpenDMARC/issues/158
https://github.com/trusteddomainproject/OpenDMARC/commit/d72e1ec0ae6ed3a9827b31be4f268fc528232371
https://github.com/trusteddomainproject/OpenDMARC/commit/9c0db8c12e4488fbf948afc27d8395d0c6bb53bd
https://github.com/trusteddomainproject/OpenDMARC/commit/5f980792546d11bc16dff7f875188ba81989ba33