Full title: Dovecot 2.3.11.3 Access Bypass Vulnerability 
Category: web applications
Platform: multiple
Dovecot versions 2.2.26 through 2.3.11.3 suffer from a bypass issue. When imap hibernation is active, an attacker can cause Dovecot to discover file system directory structure and access other users' emails using a specially crafted command. The attacker must have valid credentials to access the mail server.

# 0day.today @ http://0day.today/