5 matches found
CVE-2020-14929
CVE-2020-14929 affects Alpine (pre-2.23), where a PREAUTH scenario can cause Alpine to proceed over an insecure connection after a /tls is sent instead of closing the connection. Public records in multiple vendor advisories indicate the issue is addressed by upgrading Alpine to 2.23 or newer; Fedo...
CVE-2021-38370
The CVE describes Alpine before 2.25 allowing untagged IMAP responses before STARTTLS, potentially leaking information. Affected component: Alpine IMAP handling. Root cause: insecure handling of IMAP responses prior to TLS upgrade. Impact per sources: information leakage (and related issues) when...
CVE-2022-23553
Alpine is a Java scaffolding library. CVE-2022-23553 describes a URL access filter bypass in Alpine versions prior to 1.10.4. The issue is fixed in version 1.10.4; there are no publicly documented workarounds in the provided sources. Affected component is the URL filtering logic within Alpine’s f...
CVE-2022-23554
CVE-2022-23554 affects Alpine (Java scaffolding library). Multiple sources confirm: versions prior to 1.10.4 allow an Authentication Filter bypass by relying on the request URI to decide swagger endpoint access. For example, a crafted URL such as /api/foo;%2fapi%2fswagger causes the filter to ret...
CVE-2021-46853
CVE-2021-46853 affects Alpine prior to 2.25. A remote attacker can cause an application crash (denial of service) by sending LIST or LSUB before STARTTLS. This issue arises from how the IMAP/mail handling processes pre-TLS commands, enabling a crash under network conditions. The connected documen...