CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
EPSS
Percentile
77.0%
Updated dovecot packages fix security vulnerabilities: The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular expression for the regex extension (CVE-2020-28200). Dovecot before 2.3.15 allows …/ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled location. This occurs during use of local JWT validation with the posix fs driver (CVE-2021-29157). The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address (CVE-2021-33515).
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 8 | noarch | dovecot | < 2.3.17.1-1.1 | dovecot-2.3.17.1-1.1.mga8 |
bugs.mageia.org/show_bug.cgi?id=29160
dovecot.org/pipermail/dovecot-news/2021-December/000468.html
dovecot.org/pipermail/dovecot-news/2021-June/000457.html
dovecot.org/pipermail/dovecot-news/2021-June/000459.html
dovecot.org/pipermail/dovecot-news/2021-June/000460.html
dovecot.org/pipermail/dovecot-news/2021-June/000461.html
dovecot.org/pipermail/dovecot-news/2021-June/000462.html
dovecot.org/pipermail/dovecot-news/2021-October/000465.html
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
EPSS
Percentile
77.0%