CVE-2008-4578 — Dovecot vulnerability

CWE-2646 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

0.8%

top 26.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dovecot Debian Dovecot

Timeline

PublishedOct 15

Latest updateMay 2

Description

The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/dovecot< dovecot 1:1.1.9-1 (bookworm)

▶Debiandovecot/dovecot< 1:1.1.9-1+3

▶NVDdovecot/dovecot1.1.3+55

Patches

Patch: www.dovecot.org ↗Patch: www.dovecot.org ↗

🔴Vulnerability Details

GHSA

GHSA-c8mg-ww68-7qfc: The ACL plugin in Dovecot before 1↗2022-05-02

▶

OSV

CVE-2008-4578: The ACL plugin in Dovecot before 1↗2008-10-15

▶

📋Vendor Advisories

Red Hat

dovecot: bypass of the 'k' right in the ACL plugin↗2008-10-05

▶

Debian

CVE-2008-4578: dovecot - The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended acces...↗2008

▶

💬Community

Bugzilla

CVE-2008-4578 dovecot: bypass of the 'k' right in the ACL plugin↗2008-10-17

▶