Описание
Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | not-affected | 1.0.beta3-3ubuntu5.6 |
| devel | not-affected | 1:1.2.15-3ubuntu1 |
| hardy | not-affected | 1:1.0.10-1ubuntu5.2 |
| jaunty | ignored | end of life |
| karmic | not-affected | 1:1.1.11-0ubuntu11 |
| lucid | released | 1:1.2.9-1ubuntu6.3 |
| maverick | released | 1:1.2.12-1ubuntu8.1 |
| upstream | released | 1.2.15, 2.0.5 |
Показывать по
EPSS
3.5 Low
CVSS2
Связанные уязвимости
Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.
Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.
Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admi ...
Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.
EPSS
3.5 Low
CVSS2