Dovecot: Security Vulnerabilities
Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.
CVSS Score
6.8
EPSS Score
0.021
Published
2008-01-04
The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.
CVSS Score
6.0
EPSS Score
0.013
Published
2007-08-08
Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.
CVSS Score
4.3
EPSS Score
0.011
Published
2007-04-25
Page 6