CVE-2020-24386

Published: 4 January 2021

An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, an authenticated attacker can trigger unhibernation via attacker-controlled parameters, leading to access to other users' email messages (and path disclosure).

Priority

Medium

CVSS 3 base score: 6.8

Status

| Package | Release | Status |
| --- | --- | --- |
| dovecot (Launchpad, Ubuntu, Debian) | bionic | Released (1:2.2.33.2-1ubuntu4.7) |
| | focal | Released (1:2.3.7.2-1ubuntu3.3) |
| | groovy | Released (1:2.3.11.3+dfsg1-2ubuntu0.1) |
| | precise | Not vulnerable (code not present) |
| | trusty | Not vulnerable (code not present) |
| | upstream | Released (2.3.13) |
| | xenial | Not vulnerable (code not present) |