Dovecot 1.2.x prior to 1.2.15 and 2.0.x prior to 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
dovecot dovecot 1.2.4 |
||
dovecot dovecot 1.2.5 |
||
dovecot dovecot 1.2.13 |
||
dovecot dovecot 1.2.14 |
||
dovecot dovecot 1.2.2 |
||
dovecot dovecot 1.2.3 |
||
dovecot dovecot 1.2.10 |
||
dovecot dovecot 1.2.11 |
||
dovecot dovecot 1.2.12 |
||
dovecot dovecot 1.2.0 |
||
dovecot dovecot 1.2.1 |
||
dovecot dovecot 1.2.8 |
||
dovecot dovecot 1.2.9 |
||
dovecot dovecot 1.2.6 |
||
dovecot dovecot 1.2.7 |
||
dovecot dovecot 2.0 |