CVE-2010-3304 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2010-3304 Interim 1 5 2023-12-09T01:55:34Z current 2021-05-30T12:53:16Z 2023-12-09T01:55:34Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2010-3304 The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RKDKQLNEM7RLORAT2NPXV4HKQT2JJMHA/#RKDKQLNEM7RLORAT2NPXV4HKQT2JJMHA E-Mail link for SUSE-SR:2010:017 https://www.suse.com/support/security/rating/ SUSE Security Ratings The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs. CVE-2010-3304 moderate 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N