Описание
An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, an authenticated attacker can trigger unhibernation via attacker-controlled parameters, leading to access to other users' email messages (and path disclosure).
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 1:2.2.33.2-1ubuntu4.7 |
| devel | released | 1:2.3.11.3+dfsg1-2ubuntu1 |
| esm-infra-legacy/trusty | not-affected | code not present |
| esm-infra/bionic | released | 1:2.2.33.2-1ubuntu4.7 |
| esm-infra/focal | released | 1:2.3.7.2-1ubuntu3.3 |
| esm-infra/xenial | not-affected | code not present |
| focal | released | 1:2.3.7.2-1ubuntu3.3 |
| groovy | released | 1:2.3.11.3+dfsg1-2ubuntu0.1 |
| precise/esm | not-affected | code not present |
| trusty | ignored | end of standard support |
Показывать по
EPSS
4.9 Medium
CVSS2
6.8 Medium
CVSS3
Связанные уязвимости
An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, an authenticated attacker can trigger unhibernation via attacker-controlled parameters, leading to access to other users' email messages (and path disclosure).
An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, an authenticated attacker can trigger unhibernation via attacker-controlled parameters, leading to access to other users' email messages (and path disclosure).
An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, ...
An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, an authenticated attacker can trigger unhibernation via attacker-controlled parameters, leading to access to other users' email messages (and path disclosure).
EPSS
4.9 Medium
CVSS2
6.8 Medium
CVSS3