CVE-2023-26490
- EPSS 0.67%
- Published 04.03.2023 00:15:15
- Last modified 21.11.2024 07:51:37
mailcow is a dockerized email package, with multiple containers linked in one bridged network. The Sync Job feature - which can be made available to standard users by assigning them the necessary permission - suffers from a shell command injection. A...
CVE-2022-39258
- EPSS 0.26%
- Published 27.09.2022 15:15:10
- Last modified 21.11.2024 07:17:53
mailcow is a mailserver suite. A vulnerability in versions prior to 2022-09 allows an attacker to craft a custom Swagger API template to spoof Authorize links. This could redirect a victim to an attacker-controlled place to steal Swagger authorizatio...
- EPSS 6.09%
- Published 11.07.2022 14:15:08
- Last modified 21.11.2024 07:03:58
mailcow is a mailserver suite. Prior to mailcow-dockerized version 2022-06a, an extended privilege vulnerability can be exploited by manipulating the custom parameters regexmess, skipmess, regexflag, delete2foldersonly, delete2foldersbutnot, regextra...
- EPSS 22.74%
- Published 20.05.2022 15:15:10
- Last modified 21.11.2024 07:04:12
mailcow before 2022-05d allows a remote authenticated user to inject OS commands and escalate privileges to domain admin via the --debug option in conjunction with the ---PIPEMESS option in Sync Jobs.