CVE-2010-3779

Published Oct 6, 2010

Last updated 3 months ago

CVSS info 3.5

Overview

Description: Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 3.5
Impact score: 2.9
Exploitability score: 6.8
Vector string: AV:N/AC:M/Au:S/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-264

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:dovecot:dovecot:1.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CD2D1C99-0594-4378-AA6C-EC2E890E41FA"
          },
          {
            "criteria": "cpe:2.3:a:dovecot:dovecot:1.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "96F35305-79B4-49CD-A89F-A559CA9EEB33"
          },
          {
            "criteria": "cpe:2.3:a:dovecot:dovecot:1.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EDC7E277-A5AE-4025-8412-E715D1C8C0F9"
          },
          {
            "criteria": "cpe:2.3:a:dovecot:dovecot:1.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0DBE1D51-B9D5-4E59-81F6-C6937DA78637"
          },
          {
            "criteria": "cpe:2.3:a:dovecot:dovecot:1.2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "30B37ACE-64EA-49E7-B836-C3F05CAE0392"
          },
          {
            "criteria": "cpe:2.3:a:dovecot:dovecot:1.2.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1204F5C2-916D-4C27-A5C4-5B5E0AAA7322"
          },
          {
            "criteria": "cpe:2.3:a:dovecot:dovecot:1.2.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A0C46C8A-EA49-4356-BA6B-8EC0F2E70B3B"
          },
          {
            "criteria": "cpe:2.3:a:dovecot:dovecot:1.2.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "96F54038-B17B-40C0-9C2E-20AF55E7602B"
          },
          {
            "criteria": "cpe:2.3:a:dovecot:dovecot:1.2.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BBB0B72A-1C7D-4F89-BE89-CD82F667CB76"
          },
          {
            "criteria": "cpe:2.3:a:dovecot:dovecot:1.2.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FEF89EB6-CBF5-48DF-8FDD-2C0AE0266B3D"
          },
          {
            "criteria": "cpe:2.3:a:dovecot:dovecot:1.2.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "41B2B3D8-EB69-4BD8-ACD5-CB6BFDE6B2FB"
          },
          {
            "criteria": "cpe:2.3:a:dovecot:dovecot:1.2.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E1A909DC-0D77-4690-87D2-51A7564B63B8"
          },
          {
            "criteria": "cpe:2.3:a:dovecot:dovecot:1.2.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BB2F767F-5D7F-40AC-BA57-4E819F486301"
          },
          {
            "criteria": "cpe:2.3:a:dovecot:dovecot:1.2.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "68296C7C-B72C-46E7-A280-5E86E1470FDC"
          },
          {
            "criteria": "cpe:2.3:a:dovecot:dovecot:1.2.14:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "72E1AF54-0446-49FB-A6B8-AF14833A3D0C"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:dovecot:dovecot:2.0:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3DDF90CB-3787-4872-B292-CE12FB6D62EF"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References