CVE-2021-29157 - log back

CVE-2021-29157 edited at 28 Jun 2021 10:05:08
References
https://dovecot.org/pipermail/dovecot-news/2021-June/000461.html
+ https://www.openwall.com/lists/oss-security/2021/06/28/1
https://github.com/dovecot/core/commit/7f06f6274437ea97142df1f64f322b3ced44d0b3
https://github.com/dovecot/core/commit/7a77e070ddb6a67fe7a40118ba3e3f9b6062a7d1
https://github.com/dovecot/core/commit/bae4e44596d6548322665d242b055f44fe1dc58d
CVE-2021-29157 edited at 22 Jun 2021 15:28:44
Description
- Dovecot before version 2.3.14.1 does not correctly escape kid and azp fields in JWT tokens. This may be used to supply attacker controlled keys to validate tokens in some configurations. The attack requires an attacker to be able to write files to the local disk. As a result, a local attacker can login as any user and access their emails.
+ A security issue has been found in Dovecot before version 2.3.14.1. The kid and azp fields in JWT tokens are not correctly escaped. This may be used to supply attacker controlled keys to validate tokens in some configurations. The attack requires an attacker to be able to write files to the local disk. As a result, a local attacker can login as any user and access their emails.
CVE-2021-29157 edited at 21 Jun 2021 15:12:43
Notes
+ Workaround
+ ==========
+
+ Disable local JWT validation in oauth2, or use a different dict driver than fs:posix.
CVE-2021-29157 edited at 21 Jun 2021 14:56:37
References
https://dovecot.org/pipermail/dovecot-news/2021-June/000461.html
+ https://github.com/dovecot/core/commit/7f06f6274437ea97142df1f64f322b3ced44d0b3
+ https://github.com/dovecot/core/commit/7a77e070ddb6a67fe7a40118ba3e3f9b6062a7d1
+ https://github.com/dovecot/core/commit/bae4e44596d6548322665d242b055f44fe1dc58d
CVE-2021-29157 edited at 21 Jun 2021 14:49:10
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Information disclosure
Description
+ Dovecot before version 2.3.14.1 does not correctly escape kid and azp fields in JWT tokens. This may be used to supply attacker controlled keys to validate tokens in some configurations. The attack requires an attacker to be able to write files to the local disk. As a result, a local attacker can login as any user and access their emails.
References
+ https://dovecot.org/pipermail/dovecot-news/2021-June/000461.html
Notes
CVE-2021-29157 created at 21 Jun 2021 14:43:15