VDB
CVE-2010-3779
CVE-2010-3779
PUBLISHED
CVSS 3.5 LOW
Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.
EPSS 0.30% · 53.8th percentile
Risk Scores
CVSS 2.0
3.5
EPSS Score
0.30%
53.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| dovecot | dovecot | 1.2.1, 1.2.2, 1.2.3 |
Timeline
- Oct 6, 2010 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- USN-1059-1 vendor-advisory
- MDVSA-2010:217 vendor-advisory
- 43220 third-party-advisory
- ADV-2011-0301 vdb
- [dovecot] 20101002 v1.2.15 released mailing-list
- [dovecot] 20101002 ACL handling bugs in v1.2.8+ and v2.0 mailing-list
- ADV-2010-2840 vdb
- https://nvd.nist.gov/vuln/detail/CVE-2010-3779 advisory