← Back

CVE-2010-3779

nvd nist
Published: Oct 6, 2010Modified: Apr 29, 2026

JSON object

Loading...
3.5
Vector
AV:N/AC:M/Au:S/C:N/I:P/A:N
Exploitability: 6.8 / Impact: 2.9
Source: NVD

Description

Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.

Affected (16)

Products: Dovecot: Dovecot
Dovecot
1 product
Dovecot
Configuration A
15 vulnerable
Vulnerable SoftwareAffected Versions
Dovecot
Dovecot
Version 1.2.0
Dovecot
Version 1.2.10
Dovecot
Version 1.2.11
Dovecot
Version 1.2.12
Dovecot
Version 1.2.13
Dovecot
Version 1.2.14
Dovecot
Version 1.2.1
Dovecot
Version 1.2.2
Dovecot
Version 1.2.3
Dovecot
Version 1.2.4
Dovecot
Version 1.2.5
Dovecot
Version 1.2.6
Dovecot
Version 1.2.7
Dovecot
Version 1.2.8
Dovecot
Version 1.2.9
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Dovecot
Version 2.0 beta1

Related CWEs

CWE-264
CWE-264

References (14)

Source: cve@mitre.org
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.