Category Archives: Advisories

CVE-2022-30550: Privilege escalation possible in dovecot when similar master and non-master passdbs are used

Read Time:25 Second

Posted by Aki Tuomi via Fulldisclosure on Jul 06

Affected product: Dovecot IMAP Server
Internal reference: DOV-5320
Vulnerability type: Improper Access Control (CWE-284)
Vulnerable version: 2.2
Vulnerable component: submission
Report confidence: Confirmed
Solution status: Fixed in main
Researcher credits: Julian Brook (julezman)
Vendor notification: 2022-05-06
CVE reference: CVE-2022-30550
CVSS: 6.8 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N)

Vulnerability Details:
When two passdb…

Read More