PT-2010-4721 · Dovecot · Dovecot
Henri Salo
·
Published
2010-09-24
·
Updated
2011-02-12
·
CVE-2010-3304
CVSS v2.0
6.4
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Dovecot versions 1.2.x through 1.2.12
Description
The issue allows remote attackers to read mailboxes with unintended weak ACLs due to the propagation of INBOX ACLs to newly created mailboxes in certain configurations.
Recommendations
For Dovecot versions 1.2.x through 1.2.12, update to version 1.2.13 or later to resolve the issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Dovecot