Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving the private namespace of a user, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Dovecot plugins/acl/acl-backend-vfile.c文件权限许可和访问控制漏洞
Vulnerability Description
Dovecot是一款开源的基于类Linux/UNIX系统的IMAP和POP3邮件服务器。 Dovecot 1.2.15之前的1.2.x版本和2.0.5之前的2.0.x版本中的plugins/acl/acl-backend-vfile.c文件在涉及私有的用户命名空间的特定环境下,通过另一个ACL条目为作为指令的ACL条目授予权限,而不是取代另一个ACL条目授予的权限。远程认证用户借助读取或者修改收件箱的请求绕过访问限制。
CVSS Information
N/A
Vulnerability Type
N/A