Vulnerabilities

CVE-2021-29157

by Fred · 28/06/2021

Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled location. This occurs during use of local JWT validation with the posix fs driver.

Date published : 2021-06-28

https://www.openwall.com/lists/oss-security/2021/06/28/1

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JB2VTJ3G2ILYWH5Y2FTY2PUHT2MD6VMI/

Similar

Tags: Cybersecurity Alert