Back to search
CVE-2019-3814
Published: Mar 27, 2019
Modified: Aug 4, 2024
PUBLISHED
CVSS v3.0
7.7
HIGH
Description
It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users.
| Vendor | Product | Versions |
|---|---|---|
dovecot | dovecot | affected 2.2.36.1affected 2.3.4.1 |
Weaknesses (CWE)
CVSS v3.0 Details
CVSS v3.0 Vector
CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
None
References
https://www.dovecot.org/list/dovecot/2019-February/114575.html
x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3814
x_refsource_CONFIRM
openSUSE-SU-2019:1220
vendor-advisory
x_refsource_SUSE
GLSA-201904-19
vendor-advisory
x_refsource_GENTOO
FEDORA-2019-9e004decea
vendor-advisory
x_refsource_FEDORA
FEDORA-2019-1b61a528dd
vendor-advisory
x_refsource_FEDORA
RHSA-2019:3467
vendor-advisory
x_refsource_REDHAT
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now