CVE-2010-3779
Published Oct 6, 2010
Last updated 14 years ago
Overview
- Description
- Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 3.5
- Impact score
- 2.9
- Exploitability score
- 6.8
- Vector string
- AV:N/AC:M/Au:S/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-264
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CD2D1C99-0594-4378-AA6C-EC2E890E41FA"
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "96F35305-79B4-49CD-A89F-A559CA9EEB33"
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EDC7E277-A5AE-4025-8412-E715D1C8C0F9"
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.2.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0DBE1D51-B9D5-4E59-81F6-C6937DA78637"
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.2.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "30B37ACE-64EA-49E7-B836-C3F05CAE0392"
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.2.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1204F5C2-916D-4C27-A5C4-5B5E0AAA7322"
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.2.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A0C46C8A-EA49-4356-BA6B-8EC0F2E70B3B"
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.2.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "96F54038-B17B-40C0-9C2E-20AF55E7602B"
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.2.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BBB0B72A-1C7D-4F89-BE89-CD82F667CB76"
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.2.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FEF89EB6-CBF5-48DF-8FDD-2C0AE0266B3D"
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.2.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "41B2B3D8-EB69-4BD8-ACD5-CB6BFDE6B2FB"
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.2.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E1A909DC-0D77-4690-87D2-51A7564B63B8"
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.2.12:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BB2F767F-5D7F-40AC-BA57-4E819F486301"
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.2.13:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "68296C7C-B72C-46E7-A280-5E86E1470FDC"
},
{
"criteria": "cpe:2.3:a:dovecot:dovecot:1.2.14:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "72E1AF54-0446-49FB-A6B8-AF14833A3D0C"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dovecot:dovecot:2.0:beta1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3DDF90CB-3787-4872-B292-CE12FB6D62EF"
}
],
"operator": "OR"
}
]
}
]