OpenDMARC through 1.3.2 and 1.4.x, when used with pypolicyd-spf 2.0.2, allows attacks that bypass SPF and DMARC authentication in situations where the HELO field is inconsistent with the MAIL FROM field.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-290,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 34 |
| trusteddomain | opendmarc | * |
| fedoraproject | fedora | 33 |
| trusteddomain | opendmarc | 1.4.0 |
| pypolicyd-spf_project | pypolicyd-spf | 2.0.2 |