Описание
It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 1:2.2.33.2-1ubuntu4.2 |
| cosmic | released | 1:2.3.2.1-1ubuntu3.1 |
| devel | released | 1:2.3.4.1-1ubuntu1 |
| esm-infra-legacy/trusty | not-affected | 1:2.2.9-1ubuntu2.5 |
| esm-infra/bionic | not-affected | 1:2.2.33.2-1ubuntu4.2 |
| esm-infra/xenial | not-affected | 1:2.2.22-1ubuntu2.9 |
| precise/esm | not-affected | 1:2.0.19-0ubuntu2.6 |
| trusty | released | 1:2.2.9-1ubuntu2.5 |
| trusty/esm | not-affected | 1:2.2.9-1ubuntu2.5 |
| upstream | released | 2.2.36.1,2.3.4.1 |
Показывать по
EPSS
4.9 Medium
CVSS2
7.7 High
CVSS3
Связанные уязвимости
It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users.
It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users.
It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 in ...
EPSS
4.9 Medium
CVSS2
7.7 High
CVSS3