CVE-2021-29157Path Traversal in Dovecot

CWE-22Path TraversalCWE-20Improper Input Validation8 documents7 sources
Severity
5.5MEDIUMNVD
EPSS
0.8%
top 26.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
DovecotDebian DovecotFedoraproject Fedora+1 more
Timeline
PublishedJun 28
Latest updateMay 24

Description

Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled location. This occurs during use of local JWT validation with the posix fs driver.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

debiandebian/dovecot< dovecot 1:2.3.13+dfsg1-2 (bookworm)
NVDdovecot/dovecot2.3.112.3.14.1
Debiandovecot/dovecot< 1:2.3.13+dfsg1-2+3
Ubuntudovecot/dovecot< 1:2.3.7.2-1ubuntu3.4

Also affects: Fedora 33, 34

🔴Vulnerability Details

3
GHSA
GHSA-89g9-v7q6-px25: Dovecot before 22022-05-24
OSV
CVE-2021-29157: Dovecot before 22021-06-28
OSV
dovecot vulnerabilities2021-06-21

📋Vendor Advisories

4
Ubuntu
Dovecot vulnerabilities2021-06-21
Red Hat
dovecot: local attacker can login as any user and access their emails2021-06-21
Microsoft
Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled location2021-06-08
Debian
CVE-2021-29157: dovecot - Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the ...2021