Lucene search

K

RedhatCVELIST:CVE-2019-3814

HistoryMar 27, 2019 - 12:20 p.m.

CVE-2019-3814

2019-03-2712:20:45

CWE-295

redhat

www.cve.org

8

CVSS3

7.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N

AI Score

7.1

Confidence

High

EPSS

0.003

Percentile

69.4%

It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users.

CNA Affected

[
  {
    "product": "dovecot",
    "vendor": "dovecot",
    "versions": [
      {
        "status": "affected",
        "version": "2.2.36.1"
      },
      {
        "status": "affected",
        "version": "2.3.4.1"
      }
    ]
  }
]

References

lists.opensuse.org/opensuse-security-announce/2019-04/msg00067.html

access.redhat.com/errata/RHSA-2019:3467

bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3814

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4XLI55NGRDTGMVOPYFCPPFNPA5VKYSSY/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QHFZ5OWRIZGIWZJ5PTNVWWZNLLNH4XYS/

security.gentoo.org/glsa/201904-19

www.dovecot.org/list/dovecot/2019-February/114575.html

CVSS3

7.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N

AI Score

7.1

Confidence

High

EPSS

0.003

Percentile

69.4%

Related for CVELIST:CVE-2019-3814

alpinelinux1 archlinux1 openvas15 nessus28 mageia1 redhat2 veracode1 redhatcve1 ubuntucve1 debian3 freebsd1 cve1 osv3 suse2 ubuntu2 prion1 nvd1 debiancve1 hackerone1 amazon2 centos1 gentoo1 oraclelinux2 fedora2