CVE-2002-1782 — Uw-imap vulnerability

4 documents4 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 76.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

University OF Washington Uw-imap Debian Uw-imap

Timeline

PublishedDec 31

Latest updateApr 30

Description

The default configuration of University of Washington IMAP daemon (wu-imapd), when running on a system that does not allow shell access, allows a local user with a valid IMAP account to read arbitrary files as that user.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages3 packages

▶Debianuniversity_of_washington/uw-imap< 7:2002ddebian1-2+1

▶NVDuniversity_of_washington/uw-imap2001.0a

▶debiandebian/uw-imap< uw-imap 7:2002ddebian1-2 (bookworm)

🔴Vulnerability Details

GHSA

GHSA-mrc9-g9w2-j5g5: The default configuration of University of Washington IMAP daemon (wu-imapd), when running on a system that does not allow shell access, allows a loca↗2022-04-30

▶

OSV

CVE-2002-1782: The default configuration of University of Washington IMAP daemon (wu-imapd), when running on a system that does not allow shell access, allows a loca↗2002-12-31

▶

📋Vendor Advisories

Debian

CVE-2002-1782: uw-imap - The default configuration of University of Washington IMAP daemon (wu-imapd), wh...↗2002

▶