Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2021-29157

Опубликовано: 28 июн. 2021
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 2.1
CVSS3: 7.5

Описание

Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled location. This occurs during use of local JWT validation with the posix fs driver.

РелизСтатусПримечание
bionic

not-affected

code not present
devel

released

2.3.13+dfsg1-1ubuntu2
esm-infra-legacy/trusty

not-affected

code not present
esm-infra/bionic

not-affected

code not present
esm-infra/focal

not-affected

code not present
esm-infra/xenial

not-affected

code not present
focal

not-affected

code not present
groovy

released

1:2.3.11.3+dfsg1-2ubuntu0.2
hirsute

released

1:2.3.13+dfsg1-1ubuntu1.1
impish

released

2.3.13+dfsg1-1ubuntu2

Показывать по

Ссылки на источники

EPSS

Процентиль: 29%
0.00105
Низкий

2.1 Low

CVSS2

7.5 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2021-29157

CVSS3: 6.3
redhat
больше 4 лет назад

Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled location. This occurs during use of local JWT validation with the posix fs driver.

nvd логотип

CVE-2021-29157

CVSS3: 7.5
nvd
больше 4 лет назад

Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled location. This occurs during use of local JWT validation with the posix fs driver.

msrc логотип

CVE-2021-29157

CVSS3: 5.5
msrc
около 4 лет назад

Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled location. This occurs during use of local JWT validation with the posix fs driver.

debian логотип

CVE-2021-29157

CVSS3: 7.5
debian
больше 4 лет назад

Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with acce ...

github логотип

GHSA-89g9-v7q6-px25

github
больше 3 лет назад

Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled location. This occurs during use of local JWT validation with the posix fs driver.

EPSS

Процентиль: 29%
0.00105
Низкий

2.1 Low

CVSS2

7.5 High

CVSS3