CVE-2010-3304
EPSS 1.7%
Description
The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs.
How to fix CVE-2010-3304
To remediate CVE-2010-3304, upgrade the affected package to a fixed version below.
- Debian/dovecot—upgrade to 1.2.13-1 or later
Is CVE-2010-3304 being exploited?
Low — EPSS is 1.7%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.2.13-1