CVE-2010-3779 — Dovecot vulnerability

CWE-2647 documents7 sources

Severity

3.5LOWNVD

EPSS

0.3%

top 46.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dovecot Debian Dovecot

Timeline

PublishedOct 6

Latest updateMay 17

Description

Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/dovecot< dovecot 1:1.2.15-1 (bookworm)

▶Debiandovecot/dovecot< 1:1.2.15-1+3

▶NVDdovecot/dovecot16 versions+15

🔴Vulnerability Details

GHSA

GHSA-83v9-j2gr-cch4: Dovecot 1↗2022-05-17

▶

OSV

CVE-2010-3779: Dovecot 1↗2010-10-06

▶

📋Vendor Advisories

Ubuntu

Dovecot vulnerabilities↗2011-02-07

▶

Red Hat

Dovecot: Admin permissions granted to the owner of each mailbox in a non-public namespace↗2010-10-06

▶

Debian

CVE-2010-3779: dovecot - Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permissi...↗2010

▶

💬Community

Bugzilla

CVE-2010-3779 Dovecot: Admin permissions granted to the owner of each mailbox in a non-public namespace↗2010-10-08

▶