CVSS2

| Metric | Value |
|---|---|
| Attack Vector | NETWORK |
| Attack Complexity | LOW |
| Authentication | SINGLE |
| Confidentiality Impact | PARTIAL |
| Integrity Impact | PARTIAL |
| Availability Impact | NONE |
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:N |

EPSS

| Metric | Value |
|---|---|
| Percentile | 61.6% |
plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x
before 2.0.5 interprets an ACL entry as a directive to add to the
permissions granted by another ACL entry, instead of a directive to replace
the permissions granted by another ACL entry, in certain circumstances
involving more specific entries that occur after less specific entries,
which allows remote authenticated users to bypass intended access
restrictions via a request to read or modify a mailbox.
| Author | Note |
|---|---|
| sbeattie | From the upstream email at http://www.dovecot.org/list/dovecot/2010-October/053452.html it sounds like the problem was introduced in 1.2.8, so earlier versions may not be vulnerable. |
| mdeslaur | Seems to be introduced by this: http://hg.dovecot.org/dovecot-1.2/rev/76ff6831c9ae |