Описание
Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.
Отчет
Not vulnerable. This issue did not affect the versions of dovecot as shipped with Red Hat Enterprise Linux 4, 5 or 6.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 4 | dovecot | Not affected | ||
| Red Hat Enterprise Linux 5 | dovecot | Not affected | ||
| Red Hat Enterprise Linux 6 | dovecot | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
5.5 Medium
CVSS2
Связанные уязвимости
Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.
Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.
Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admi ...
Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.
EPSS
5.5 Medium
CVSS2