CVE-2021-33515 log

Severity High
Remote Yes
Type Information disclosure
A security issue has been found in Dovecot before version An on-path attacker could inject plaintext commands before the STARTTLS negotiation that would be executed after STARTTLS finished with the client. Only the SMTP submission service is affected. As a result, an attacker can potentially steal user credentials and emails. The attacker needs to have sending permissions on the submission server (a valid username and password).
Group Package Affected Fixed Severity Status Ticket
AVG-2087 dovecot 2.3.14-2 2.3.15-1 High Fixed
Date Advisory Group Package Severity Type
22 Jun 2021 ASA-202106-56 AVG-2087 dovecot High information disclosure