{
  "threat_severity" : "Low",
  "public_date" : "2010-07-24T00:00:00Z",
  "bugzilla" : {
    "description" : "dovecot: INBOX ACLs to newly created mailboxes propagation, possibly leading to weak ACLs",
    "id" : "746270",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=746270"
  },
  "cvss" : {
    "cvss_base_score" : "2.6",
    "cvss_scoring_vector" : "AV:N/AC:H/Au:N/C:P/I:N/A:N",
    "status" : "draft"
  },
  "details" : [ "The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs." ],
  "statement" : "This issue does not affect the version of dovecot package, as shipped with Red Hat Enterprise Linux 4, 5 and 6.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 4",
    "fix_state" : "Not affected",
    "package_name" : "dovecot",
    "cpe" : "cpe:/o:redhat:enterprise_linux:4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "dovecot",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "dovecot",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2010-3304\nhttps://nvd.nist.gov/vuln/detail/CVE-2010-3304" ],
  "name" : "CVE-2010-3304",
  "csaw" : false
}