CVE-2020-24386
Description
An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, an authenticated attacker can trigger unhibernation via attacker-controlled parameters, leading to access to other users' email messages (and path disclosure).
- CVSS Version 3.1
- CVSS Version 2.0
nvd
CVE ID: CVE-2020-24386
Base Score: 6.8
Base Severity: MEDIUM
Vector String:CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Impact Score: 5.2
Exploitability Score: 1.6
nvd
CVE ID: CVE-2020-24386
Base Score: 4.9
Base Severity: MEDIUM
Vector String:AV:N/AC:M/Au:S/C:P/I:P/A:N
Refrence: NVD