Msrc Cbl2 Dovecot 2.3.20-1 On Cbl Mariner 2.0 vulnerabilities
4 known vulnerabilities affecting msrc/cbl2_dovecot_2.3.20-1_on_cbl_mariner_2.0.
Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2022-30550HIGHCVSS 8.82022-07-12
CVE-2022-30550 [HIGH] CWE-287 An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args settings incorrect username_filter and mec
An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args settings incorrect username_filter and mechanism settings can be applied to passdb definitions. These incorrect
msrc
CVE-2021-29157MEDIUMCVSS 5.52021-06-08
CVE-2021-29157 [HIGH] CWE-22 Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled location
Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled location. This occurs during use of local JWT validation with the posix fs dri
msrc
CVE-2020-28200MEDIUMCVSS 4.32021-06-08
CVE-2020-28200 [MEDIUM] CWE-770 The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption as demonstrated by a situation with a complex regular expression for the regex extension.
The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption as demonstrated by a situation with a complex regular expression for the regex extension.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affect
msrc
CVE-2021-33515MEDIUMCVSS 4.82021-06-08
CVE-2021-33515 [MEDIUM] CWE-77 The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address.
The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by t
msrc