Dovecot · Dovecot · CVE-2008-5301
**Name of the Vulnerable Software and Affected Versions**
Dovecot versions 1.0.15 through 1.2
**Description**
The issue allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name. This is due to a directory traversal vulnerability in the ManageSieve implementation.
**Recommendations**
For versions 1.0.15 through 1.2, update to a version that fixes the ManageSieve implementation to prevent directory traversal attacks.