Bugzilla – Bug 1201267
VUL-0: CVE-2022-30550: dovecot22,dovecot23: Privilege escalation possible in dovecot when similar master and non-master passdbs are used
Last modified: 2022-08-01 13:46:46 UTC
CVE-2022-30550 Posted by Aki Tuomi on Jul 06Affected product: Dovecot IMAP Server Internal reference: DOV-5320 Vulnerability type: Improper Access Control (CWE-284) Vulnerable version: 2.2 Vulnerable component: submission Report confidence: Confirmed Solution status: Fixed in main Researcher credits: Julian Brook (julezman) Vendor notification: 2022-05-06 CVE reference: CVE-2022-30550 CVSS: 6.8 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N) Vulnerability Details: When two passdb... References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-30550 https://seclists.org/oss-sec/2022/q3/33
the advisory says 2.2 ... but 2.3 looks similar
SUSE-SU-2022:2432-1: An update that fixes one vulnerability is now available. Category: security (important) Bug References: 1201267 CVE References: CVE-2022-30550 JIRA References: Sources used: SUSE Linux Enterprise Server for SAP 15-SP1 (src): dovecot23-2.3.15-150100.31.1 SUSE Linux Enterprise Server 15-SP1-LTSS (src): dovecot23-2.3.15-150100.31.1 SUSE Linux Enterprise Server 15-SP1-BCL (src): dovecot23-2.3.15-150100.31.1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): dovecot23-2.3.15-150100.31.1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): dovecot23-2.3.15-150100.31.1 SUSE Enterprise Storage 6 (src): dovecot23-2.3.15-150100.31.1 SUSE CaaS Platform 4.0 (src): dovecot23-2.3.15-150100.31.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:2431-1: An update that fixes one vulnerability is now available. Category: security (important) Bug References: 1201267 CVE References: CVE-2022-30550 JIRA References: Sources used: SUSE Linux Enterprise Server for SAP 15 (src): dovecot23-2.3.15-150000.4.42.1 SUSE Linux Enterprise Server 15-LTSS (src): dovecot23-2.3.15-150000.4.42.1 SUSE Linux Enterprise High Performance Computing 15-LTSS (src): dovecot23-2.3.15-150000.4.42.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): dovecot23-2.3.15-150000.4.42.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:2448-1: An update that fixes one vulnerability is now available. Category: security (important) Bug References: 1201267 CVE References: CVE-2022-30550 JIRA References: Sources used: openSUSE Leap 15.4 (src): dovecot23-2.3.15-150200.62.1 openSUSE Leap 15.3 (src): dovecot23-2.3.15-150200.62.1 SUSE Manager Server 4.1 (src): dovecot23-2.3.15-150200.62.1 SUSE Manager Retail Branch Server 4.1 (src): dovecot23-2.3.15-150200.62.1 SUSE Manager Proxy 4.1 (src): dovecot23-2.3.15-150200.62.1 SUSE Linux Enterprise Server for SAP 15-SP2 (src): dovecot23-2.3.15-150200.62.1 SUSE Linux Enterprise Server 15-SP2-LTSS (src): dovecot23-2.3.15-150200.62.1 SUSE Linux Enterprise Server 15-SP2-BCL (src): dovecot23-2.3.15-150200.62.1 SUSE Linux Enterprise Module for Server Applications 15-SP4 (src): dovecot23-2.3.15-150200.62.1 SUSE Linux Enterprise Module for Server Applications 15-SP3 (src): dovecot23-2.3.15-150200.62.1 SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src): dovecot23-2.3.15-150200.62.1 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src): dovecot23-2.3.15-150200.62.1 SUSE Enterprise Storage 7 (src): dovecot23-2.3.15-150200.62.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:2618-1: An update that fixes one vulnerability is now available. Category: security (important) Bug References: 1201267 CVE References: CVE-2022-30550 JIRA References: Sources used: SUSE OpenStack Cloud Crowbar 9 (src): dovecot22-2.2.31-19.29.1 SUSE OpenStack Cloud 9 (src): dovecot22-2.2.31-19.29.1 SUSE Linux Enterprise Software Development Kit 12-SP5 (src): dovecot22-2.2.31-19.29.1 SUSE Linux Enterprise Server for SAP 12-SP4 (src): dovecot22-2.2.31-19.29.1 SUSE Linux Enterprise Server 12-SP5 (src): dovecot22-2.2.31-19.29.1 SUSE Linux Enterprise Server 12-SP4-LTSS (src): dovecot22-2.2.31-19.29.1 SUSE Linux Enterprise Server 12-SP3-BCL (src): dovecot22-2.2.31-19.29.1 SUSE Linux Enterprise Server 12-SP2-BCL (src): dovecot22-2.2.31-19.29.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.