PT-2021-3383 · Dovecot+4 · Dovecot+4

Kirin

·

Published

2021-06-21

·

Updated

2025-01-30

·

CVE-2021-29157

CVSS v3.1

7.5

High

VectorAC:H/AV:L/A:N/C:H/I:H/PR:L/S:C/UI:N
Name of the Vulnerable Software and Affected Versions Dovecot versions prior to 2.3.15
Description The issue allows for ../ Path Traversal, enabling an attacker with local filesystem access to trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled location. This occurs during local JWT validation with the posix fs driver. The vulnerability is related to errors in encoding the kid and azp fields in JWT tokens, which can allow an attacker to gain unauthorized access to protected information.
Recommendations For versions prior to 2.3.15, update to version 2.3.15 or later to resolve the issue. As a temporary workaround, consider restricting access to the local filesystem to minimize the risk of exploitation. Additionally, restrict the use of local JWT validation with the posix fs driver until the update is applied.

Fix

RCE

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-22

Related Identifiers

ALT-PU-2021-2500
ALT-PU-2021-2537
ALT-PU-2021-2548
ALT-PU-2021-2579
AZL-7195
BDU:2021-03234
CVE-2021-29157
MGASA-2021-0557
OPENSUSE-SU-2021:0920-1
OPENSUSE-SU-2021:1225-1
OPENSUSE-SU-2021:2123-1
OPENSUSE-SU-2021:2892-1
OPENSUSE-SU-2021_0920-1
OPENSUSE-SU-2021_1225-1
OPENSUSE-SU-2021_2123-1
OPENSUSE-SU-2021_2892-1
OPENSUSE-SU-2024:10726-1
OPENSUSE-SU-2025:14715-1
SUSE-SU-2021:2122-1
SUSE-SU-2021:2123-1
SUSE-SU-2021:2124-1
SUSE-SU-2021:2890-1
SUSE-SU-2021:2891-1
SUSE-SU-2021:2892-1
SUSE-SU-2021_2122-1
SUSE-SU-2021_2123-1
SUSE-SU-2021_2124-1
USN-4993-1

Affected Products

Alt Linux
Dovecot
Linuxmint
Suse
Ubuntu