CVE-2010-3304

EUVD-2010-3302
The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 82%
Affected Products (NVD)
VendorProductVersion
dovecotdovecot
1.2.0
dovecotdovecot
1.2.1
dovecotdovecot
1.2.2
dovecotdovecot
1.2.3
dovecotdovecot
1.2.4
dovecotdovecot
1.2.5
dovecotdovecot
1.2.6
dovecotdovecot
1.2.7
dovecotdovecot
1.2.8
dovecotdovecot
1.2.9
dovecotdovecot
1.2.10
dovecotdovecot
1.2.11
dovecotdovecot
1.2.12
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
dovecot
bookworm
1:2.3.19.1+dfsg1-2.1+deb12u1
fixed
bookworm (security)
1:2.3.19.1+dfsg1-2.1+deb12u1
fixed
bullseye
1:2.3.13+dfsg1-2+deb11u1
fixed
bullseye (security)
1:2.3.13+dfsg1-2+deb11u2
fixed
lenny
not-affected
sid
1:2.3.21.1+dfsg1-1
fixed
trixie
1:2.3.21.1+dfsg1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
dovecot
dapper
not-affected
hardy
not-affected
jaunty
ignored
karmic
not-affected
lucid
Fixed 1:1.2.9-1ubuntu6.3
released
maverick
Fixed 1:1.2.12-1ubuntu8.1
released
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
http://secunia.com/advisories/43220
http://www.dovecot.org/list/dovecot-news/2010-July/000163.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:217
http://www.openwall.com/lists/oss-security/2010/09/16/14
http://www.openwall.com/lists/oss-security/2010/09/16/17
http://www.securityfocus.com/bid/41964
http://www.ubuntu.com/usn/USN-1059-1
http://www.vupen.com/english/advisories/2010/2840
http://www.vupen.com/english/advisories/2011/0301
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
http://secunia.com/advisories/43220
http://www.dovecot.org/list/dovecot-news/2010-July/000163.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:217
http://www.openwall.com/lists/oss-security/2010/09/16/14
http://www.openwall.com/lists/oss-security/2010/09/16/17
http://www.securityfocus.com/bid/41964
http://www.ubuntu.com/usn/USN-1059-1
http://www.vupen.com/english/advisories/2010/2840
http://www.vupen.com/english/advisories/2011/0301