CVE-2021-29157 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	No
Type	Information disclosure
Description	A security issue has been found in Dovecot before version 2.3.14.1. The kid and azp fields in JWT tokens are not correctly escaped. This may be used to supply attacker controlled keys to validate tokens in some configurations. The attack requires an attacker to be able to write files to the local disk. As a result, a local attacker can login as any user and access their emails.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-2087	dovecot	2.3.14-2	2.3.15-1	High	Fixed

Date	Advisory	Group	Package	Severity	Type
22 Jun 2021	ASA-202106-56	AVG-2087	dovecot	High	information disclosure

References
https://dovecot.org/pipermail/dovecot-news/2021-June/000461.html https://www.openwall.com/lists/oss-security/2021/06/28/1 https://github.com/dovecot/core/commit/7f06f6274437ea97142df1f64f322b3ced44d0b3 https://github.com/dovecot/core/commit/7a77e070ddb6a67fe7a40118ba3e3f9b6062a7d1 https://github.com/dovecot/core/commit/bae4e44596d6548322665d242b055f44fe1dc58d

References

https://dovecot.org/pipermail/dovecot-news/2021-June/000461.html
https://www.openwall.com/lists/oss-security/2021/06/28/1
https://github.com/dovecot/core/commit/7f06f6274437ea97142df1f64f322b3ced44d0b3
https://github.com/dovecot/core/commit/7a77e070ddb6a67fe7a40118ba3e3f9b6062a7d1
https://github.com/dovecot/core/commit/bae4e44596d6548322665d242b055f44fe1dc58d

Notes
Workaround ========== Disable local JWT validation in oauth2, or use a different dict driver than fs:posix.