CVE-2010-3304 — Dovecot vulnerability

CWE-2647 documents7 sources

Severity

6.4MEDIUMNVD

EPSS

1.7%

top 17.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dovecot Debian Dovecot

Timeline

PublishedSep 24

Latest updateMay 17

Description

The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs.

CVSS vector

AV:N/AC:L/C:P/I:P/A:NExploitability: 10.0 | Impact: 4.9

Affected Packages3 packages

▶debiandebian/dovecot< dovecot 1.2.13-1 (bookworm)

▶Debiandovecot/dovecot< 1.2.13-1+3

▶NVDdovecot/dovecot13 versions+12

Patches

Patch: www.dovecot.org ↗Patch: www.dovecot.org ↗

🔴Vulnerability Details

GHSA

GHSA-8j3r-92hg-4567: The ACL plugin in Dovecot 1↗2022-05-17

▶

OSV

CVE-2010-3304: The ACL plugin in Dovecot 1↗2010-09-24

▶

📋Vendor Advisories

Ubuntu

Dovecot vulnerabilities↗2011-02-07

▶

Red Hat

dovecot: INBOX ACLs to newly created mailboxes propagation, possibly leading to weak ACLs↗2010-07-24

▶

Debian

CVE-2010-3304: dovecot - The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly cre...↗2010

▶

💬Community

Bugzilla

CVE-2010-3304 dovecot: INBOX ACLs to newly created mailboxes propagation, possibly leading to weak ACLs↗2011-10-14

▶