The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the k right to create unauthorized parent/child/child mailboxes.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Dovecot | Dovecot | * | 1.1.3 (including) |
| Dovecot | Dovecot | 0.99.13 (including) | 0.99.13 (including) |
| Dovecot | Dovecot | 0.99.14 (including) | 0.99.14 (including) |
| Dovecot | Dovecot | 1.0 (including) | 1.0 (including) |
| Dovecot | Dovecot | 1.0.2 (including) | 1.0.2 (including) |
| Dovecot | Dovecot | 1.0.3 (including) | 1.0.3 (including) |
| Dovecot | Dovecot | 1.0.4 (including) | 1.0.4 (including) |
| Dovecot | Dovecot | 1.0.5 (including) | 1.0.5 (including) |
| Dovecot | Dovecot | 1.0.6 (including) | 1.0.6 (including) |
| Dovecot | Dovecot | 1.0.7 (including) | 1.0.7 (including) |
| Dovecot | Dovecot | 1.0.8 (including) | 1.0.8 (including) |
| Dovecot | Dovecot | 1.0.9 (including) | 1.0.9 (including) |
| Dovecot | Dovecot | 1.0.10 (including) | 1.0.10 (including) |
| Dovecot | Dovecot | 1.0.12 (including) | 1.0.12 (including) |
| Dovecot | Dovecot | 1.0.beta1 (including) | 1.0.beta1 (including) |
| Dovecot | Dovecot | 1.0.beta2 (including) | 1.0.beta2 (including) |
| Dovecot | Dovecot | 1.0.beta3 (including) | 1.0.beta3 (including) |
| Dovecot | Dovecot | 1.0.beta4 (including) | 1.0.beta4 (including) |
| Dovecot | Dovecot | 1.0.beta5 (including) | 1.0.beta5 (including) |
| Dovecot | Dovecot | 1.0.beta6 (including) | 1.0.beta6 (including) |
| Dovecot | Dovecot | 1.0.beta7 (including) | 1.0.beta7 (including) |
| Dovecot | Dovecot | 1.0.beta8 (including) | 1.0.beta8 (including) |
| Dovecot | Dovecot | 1.0.beta9 (including) | 1.0.beta9 (including) |
| Dovecot | Dovecot | 1.0.rc1 (including) | 1.0.rc1 (including) |
| Dovecot | Dovecot | 1.0.rc2 (including) | 1.0.rc2 (including) |
| Dovecot | Dovecot | 1.0.rc3 (including) | 1.0.rc3 (including) |
| Dovecot | Dovecot | 1.0.rc4 (including) | 1.0.rc4 (including) |
| Dovecot | Dovecot | 1.0.rc5 (including) | 1.0.rc5 (including) |
| Dovecot | Dovecot | 1.0.rc6 (including) | 1.0.rc6 (including) |
| Dovecot | Dovecot | 1.0.rc7 (including) | 1.0.rc7 (including) |
| Dovecot | Dovecot | 1.0.rc8 (including) | 1.0.rc8 (including) |
| Dovecot | Dovecot | 1.0.rc9 (including) | 1.0.rc9 (including) |
| Dovecot | Dovecot | 1.0.rc10 (including) | 1.0.rc10 (including) |
| Dovecot | Dovecot | 1.0.rc11 (including) | 1.0.rc11 (including) |
| Dovecot | Dovecot | 1.0.rc12 (including) | 1.0.rc12 (including) |
| Dovecot | Dovecot | 1.0.rc13 (including) | 1.0.rc13 (including) |
| Dovecot | Dovecot | 1.0.rc14 (including) | 1.0.rc14 (including) |
| Dovecot | Dovecot | 1.0.rc15 (including) | 1.0.rc15 (including) |
| Dovecot | Dovecot | 1.0.rc16 (including) | 1.0.rc16 (including) |
| Dovecot | Dovecot | 1.0.rc17 (including) | 1.0.rc17 (including) |
| Dovecot | Dovecot | 1.0.rc18 (including) | 1.0.rc18 (including) |
| Dovecot | Dovecot | 1.0.rc19 (including) | 1.0.rc19 (including) |
| Dovecot | Dovecot | 1.0.rc20 (including) | 1.0.rc20 (including) |
| Dovecot | Dovecot | 1.0.rc21 (including) | 1.0.rc21 (including) |
| Dovecot | Dovecot | 1.0.rc22 (including) | 1.0.rc22 (including) |
| Dovecot | Dovecot | 1.0.rc23 (including) | 1.0.rc23 (including) |
| Dovecot | Dovecot | 1.0.rc24 (including) | 1.0.rc24 (including) |
| Dovecot | Dovecot | 1.0.rc25 (including) | 1.0.rc25 (including) |
| Dovecot | Dovecot | 1.0.rc26 (including) | 1.0.rc26 (including) |
| Dovecot | Dovecot | 1.0.rc27 (including) | 1.0.rc27 (including) |
| Dovecot | Dovecot | 1.0.rc28 (including) | 1.0.rc28 (including) |
| Dovecot | Dovecot | 1.0_rc29 (including) | 1.0_rc29 (including) |
| Dovecot | Dovecot | 1.1 (including) | 1.1 (including) |
| Dovecot | Dovecot | 1.1-rc2 (including) | 1.1-rc2 (including) |
| Dovecot | Dovecot | 1.1.0 (including) | 1.1.0 (including) |
| Dovecot | Dovecot | 1.1.1 (including) | 1.1.1 (including) |
| Dovecot | Dovecot | 1.1.2 (including) | 1.1.2 (including) |