Lucene search

Ubuntu.comUB:CVE-2021-29157

HistoryJun 21, 2021 - 12:00 a.m.

CVE-2021-29157

2021-06-2100:00:00

ubuntu.com

dovecot

path traversal

oauth2

vulnerability

local filesystem

hs256

validation key

jwt

posix fs driver

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

EPSS

0.001

Percentile

17.5%

JSON

Dovecot before 2.3.15 allows …/ Path Traversal. An attacker with access to
the local filesystem can trick OAuth2 authentication into using an HS256
validation key from an attacker-controlled location. This occurs during use
of local JWT validation with the posix fs driver.

Notes

Author	Note
mdeslaur	per upstream, this affects 2.3.11-2.3.14

OSVersionArchitecturePackageVersionFilename
ubuntu20.10noarchdovecot< 1:2.3.11.3+dfsg1-2ubuntu0.2UNKNOWN
ubuntu21.04noarchdovecot< 1:2.3.13+dfsg1-1ubuntu1.1UNKNOWN
ubuntu21.10noarchdovecot< 2.3.13+dfsg1-1ubuntu2UNKNOWN
ubuntu22.04noarchdovecot< 2.3.13+dfsg1-1ubuntu2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	20.10	noarch	dovecot	< 1:2.3.11.3+dfsg1-2ubuntu0.2	UNKNOWN
ubuntu	21.04	noarch	dovecot	< 1:2.3.13+dfsg1-1ubuntu1.1	UNKNOWN
ubuntu	21.10	noarch	dovecot	< 2.3.13+dfsg1-1ubuntu2	UNKNOWN
ubuntu	22.04	noarch	dovecot	< 2.3.13+dfsg1-1ubuntu2	UNKNOWN