6.8

CVE-2020-24386

An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, an authenticated attacker can trigger unhibernation via attacker-controlled parameters, leading to access to other users' email messages (and path disclosure).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DovecotDovecot Version >= 2.2.26 < 2.3.13
DebianDebian Linux Version10.0
FedoraprojectFedora Version32
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.75% 0.843
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 1.6 5.2
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
nvd@nist.gov 4.9 6.8 4.9
AV:N/AC:M/Au:S/C:P/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://dovecot.org/security
Vendor Advisory
http://seclists.org/fulldisclosure/2021/Jan/18
Third Party Advisory
Mailing List
http://packetstormsecurity.com/files/160842/Dovecot-2.3.11.3-Access-Bypass.html
Third Party Advisory
VDB Entry
Mailing List
http://www.openwall.com/lists/oss-security/2021/01/04/4
Third Party Advisory
Mailing List
https://doc.dovecot.org/configuration_manual/hibernation/
Vendor Advisory
https://dovecot.org/pipermail/dovecot-news/2021-January/000450.html
Vendor Advisory
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXDKFLOCUP7I4ELGQ2F4P5TGC6NXMYV7/
https://security.gentoo.org/glsa/202101-01
Third Party Advisory
https://www.debian.org/security/2021/dsa-4825
Third Party Advisory