CVE-2008-4577
7.5
HIGH
CVSS 3.1
EPSS 1.1%
Description
The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.
How to fix CVE-2008-4577
To remediate CVE-2008-4577, upgrade the affected package to a fixed version below.
- Debian/dovecot—upgrade to 1:1.0.15-2.2 or later
Is CVE-2008-4577 being exploited?
Low — EPSS is 1.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1:1.0.15-2.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |