6.4
CVE-2010-3304
- EPSS 2.71%
- Veröffentlicht 24.09.2010 19:00:04
- Zuletzt bearbeitet 16.06.2026 23:22:33
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.71% | 0.84 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.4 | 10 | 4.9 |
AV:N/AC:L/Au:N/C:P/I:P/A:N
|
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
http://secunia.com/advisories/43220
http://www.dovecot.org/list/dovecot-news/2010-July/000163.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:217
http://www.openwall.com/lists/oss-security/2010/09/16/14
http://www.openwall.com/lists/oss-security/2010/09/16/17
http://www.securityfocus.com/bid/41964
http://www.ubuntu.com/usn/USN-1059-1
http://www.vupen.com/english/advisories/2010/2840
http://www.vupen.com/english/advisories/2011/0301