6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
0.006 Low
EPSS
Percentile
77.5%
Secunia reports:
The security issue is caused due to an input validation error when
processing script names. This can be exploited to read or modify
arbitrary files having “.sieve” extensions via directory traversal
attacks, with the privileges of the attacker’s user id.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | dovecot-managesieve | < 0.10.4 | UNKNOWN |