CVE-2021-33515

Severity: High
Remote: Yes
Type: Information disclosure
Description
A security issue has been found in Dovecot before version 2.3.14.1. An on-path attacker could inject plaintext commands before the STARTTLS negotiation that would be executed after STARTTLS finished with the client. Only the SMTP submission service is affected. As a result, an attacker can potentially steal user credentials and emails. The attacker needs to have sending permissions on the submission server (a valid username and password).
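The buffering flaw described above, as an added toy model with no network or real TLS (not Dovecot's code and not part of the advisory). The class, method names and sample traffic are constructed; discarding buffered plaintext at STARTTLS is the general mitigation for this bug class and is an assumption here, not taken from the referenced commit.

```python
# Toy model of a submission server's command buffer around STARTTLS.
# All names are hypothetical; this is not Dovecot code.

class SubmissionSession:
    def __init__(self, discard_on_starttls):
        self.discard_on_starttls = discard_on_starttls
        self.buf = b""        # bytes read from the socket, not yet parsed
        self.tls = False      # True once the (simulated) handshake is done
        self.executed = []    # (command, ran_inside_tls), in execution order

    def recv_plaintext(self, data):
        """Bytes seen on the wire before TLS; an on-path party can add to these."""
        assert not self.tls
        self.buf += data
        self._drain()

    def recv_tls(self, data):
        """Bytes decrypted from the TLS channel; only the real client sends these."""
        assert self.tls
        self.buf += data
        self._drain()

    def _drain(self):
        while b"\r\n" in self.buf:
            line, self.buf = self.buf.split(b"\r\n", 1)
            cmd = line.decode("ascii")
            self.executed.append((cmd, self.tls))
            if cmd.upper() == "STARTTLS" and not self.tls:
                if self.discard_on_starttls:
                    self.buf = b""  # hardened: drop plaintext buffered before the handshake
                self.tls = True     # stands in for the TLS handshake
                return              # vulnerable: leftover plaintext is parsed later as TLS input

# Constructed sample traffic: a harmless extra command trails STARTTLS in plaintext.
PLAINTEXT = b"EHLO client.example\r\nSTARTTLS\r\nNOOP injected\r\n"
ENCRYPTED = b"EHLO client.example\r\n"

def run(discard_on_starttls):
    s = SubmissionSession(discard_on_starttls)
    s.recv_plaintext(PLAINTEXT)
    s.recv_tls(ENCRYPTED)
    return s.executed

if __name__ == "__main__":
    print("vulnerable:", run(False))
    print("hardened:  ", run(True))
```

In the vulnerable run the trailing plaintext command is recorded as executed inside the TLS session, ahead of the client's own first encrypted command; in the hardened run it never executes.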
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-2087 | dovecot | 2.3.14-2 | 2.3.15-1 | High | Fixed | |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 22 Jun 2021 | ASA-202106-56 | AVG-2087 | dovecot | High | information disclosure |
References
https://dovecot.org/pipermail/dovecot-news/2021-June/000462.html
https://www.openwall.com/lists/oss-security/2021/06/28/2
https://github.com/dovecot/core/commit/65bd1a27a361545c9ccf405b955c72a9c4d29b38