CVE-2008-5301 — Path Traversal in Dovecot

CWE-22 — Path Traversal6 documents6 sources

Severity

6.4MEDIUMNVD

EPSS

0.6%

top 31.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dovecot Debian Dovecot

Timeline

PublishedDec 1

Latest updateMay 17

Description

Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name.

CVSS vector

AV:N/AC:L/C:P/I:P/A:NExploitability: 10.0 | Impact: 4.9

Affected Packages3 packages

▶debiandebian/dovecot< dovecot 1:1.0.15-2.3 (bookworm)

▶Debiandovecot/dovecot< 1:1.0.15-2.3+3

▶NVDdovecot/dovecot20 versions+19

Patches

Patch: www.dovecot.org ↗Patch: www.dovecot.org ↗

🔴Vulnerability Details

GHSA

GHSA-gp93-h8f7-238h: Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1↗2022-05-17

▶

OSV

CVE-2008-5301: Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1↗2008-12-01

▶

📋Vendor Advisories

Ubuntu

Dovecot vulnerabilities↗2009-09-28

▶

Debian

CVE-2008-5301: dovecot - Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1...↗2008

▶

Red Hat

CVE-2008-5301: Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1↗

▶