Lucene search

FreeBSD75C24C1D-B688-11DD-88FD-001C2514716C

HistoryOct 05, 2008 - 12:00 a.m.

dovecot -- ACL plugin bypass vulnerabilities

2008-10-0500:00:00

vuxml.freebsd.org

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.005 Low

EPSS

Percentile

77.4%

JSON

Timo Sirainen reports in dovecot 1.1.4 release notes:

ACL plugin fixes: Negative rights were actually treated
as positive rights. ‘k’ right didn’t prevent creating
parent/child/child mailbox. ACL groups weren’t working.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchdovecot< 1.1.4UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	dovecot	< 1.1.4	UNKNOWN

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.005 Low

EPSS

Percentile

77.4%

JSON

Related for 75C24C1D-B688-11DD-88FD-001C2514716C