CVE-2010-3779
EPSS 0.30%
Description
Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.
How to fix CVE-2010-3779
To remediate CVE-2010-3779, upgrade the affected package to a fixed version below.
- Debian/dovecot—upgrade to 1:1.2.15-1 or later
Is CVE-2010-3779 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1:1.2.15-1