plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x prior to 1.2.15 and 2.0.x prior to 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving the private namespace of a user, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
dovecot dovecot 1.2.6 |
||
dovecot dovecot 1.2.7 |
||
dovecot dovecot 1.2.4 |
||
dovecot dovecot 1.2.5 |
||
dovecot dovecot 1.2.13 |
||
dovecot dovecot 1.2.14 |
||
dovecot dovecot 1.2.2 |
||
dovecot dovecot 1.2.3 |
||
dovecot dovecot 1.2.11 |
||
dovecot dovecot 1.2.12 |
||
dovecot dovecot 1.2.0 |
||
dovecot dovecot 1.2.1 |
||
dovecot dovecot 1.2.8 |
||
dovecot dovecot 1.2.9 |
||
dovecot dovecot 1.2.10 |
||
dovecot dovecot 2.0.4 |
||
dovecot dovecot 2.0.1 |
||
dovecot dovecot 2.0.0 |
||
dovecot dovecot 2.0.3 |
||
dovecot dovecot 2.0.2 |