First published: Mon Jan 04 2021
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Dovecot Dovecot | >=2.2.26, <2.3.13 | |
Debian Debian Linux | =10.0 | |
Fedoraproject Fedora | =32 | |
debian/dovecot | 1:2.3.4.1-5+deb10u6 1:2.3.4.1-5+deb10u7 1:2.3.13+dfsg1-2+deb11u1 1:2.3.19.1+dfsg1-2.1 1:2.3.20+dfsg1-1 1:2.3.21+dfsg1-1 |
CVE-2020-24386 is a vulnerability in Dovecot, versions before 2.3.13, that allows an authenticated attacker to access other users' email messages and disclose the server's file path.
An attacker can exploit CVE-2020-24386 by using IMAP IDLE to trigger unhibernation with attacker-controlled parameters.
CVE-2020-24386 has a severity rating of 6.8 (Medium).
Versions of Dovecot before 2.3.13 are affected by CVE-2020-24386.
To fix CVE-2020-24386, you need to update Dovecot to version 2.3.13 or later.