6.8
CVE-2020-24386
- EPSS 2.75%
- Veröffentlicht 04.01.2021 17:15:13
- Zuletzt bearbeitet 21.11.2024 05:14:43
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, an authenticated attacker can trigger unhibernation via attacker-controlled parameters, leading to access to other users' email messages (and path disclosure).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Debian ≫ Debian Linux Version10.0
Fedoraproject ≫ Fedora Version32
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.75% | 0.843 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 1.6 | 5.2 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
|
| nvd@nist.gov | 4.9 | 6.8 | 4.9 |
AV:N/AC:M/Au:S/C:P/I:P/A:N
|
https://dovecot.org/security
http://seclists.org/fulldisclosure/2021/Jan/18
http://packetstormsecurity.com/files/160842/Dovecot-2.3.11.3-Access-Bypass.html
http://www.openwall.com/lists/oss-security/2021/01/04/4
https://doc.dovecot.org/configuration_manual/hibernation/
https://dovecot.org/pipermail/dovecot-news/2021-January/000450.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXDKFLOCUP7I4ELGQ2F4P5TGC6NXMYV7/
https://security.gentoo.org/glsa/202101-01
https://www.debian.org/security/2021/dsa-4825