ID CVE-2017-5930
Summary The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check.
References
Vulnerable Configurations
  • cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*
  • cpe:2.3:a:postfixadmin_project:postfixadmin:1.3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:postfixadmin_project:postfixadmin:1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:postfixadmin_project:postfixadmin:1.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:postfixadmin_project:postfixadmin:1.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:postfixadmin_project:postfixadmin:1.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:postfixadmin_project:postfixadmin:1.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:postfixadmin_project:postfixadmin:1.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:postfixadmin_project:postfixadmin:2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:postfixadmin_project:postfixadmin:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:postfixadmin_project:postfixadmin:2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:postfixadmin_project:postfixadmin:2.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:postfixadmin_project:postfixadmin:2.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:postfixadmin_project:postfixadmin:2.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:postfixadmin_project:postfixadmin:2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:postfixadmin_project:postfixadmin:2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:postfixadmin_project:postfixadmin:2.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:postfixadmin_project:postfixadmin:2.3:beta:*:*:*:*:*:*
  • cpe:2.3:a:postfixadmin_project:postfixadmin:2.3:rc1:*:*:*:*:*:*
  • cpe:2.3:a:postfixadmin_project:postfixadmin:2.3:rc2:*:*:*:*:*:*
  • cpe:2.3:a:postfixadmin_project:postfixadmin:2.3:rc3:*:*:*:*:*:*
  • cpe:2.3:a:postfixadmin_project:postfixadmin:2.3:rc4:*:*:*:*:*:*
  • cpe:2.3:a:postfixadmin_project:postfixadmin:2.3:rc5:*:*:*:*:*:*
  • cpe:2.3:a:postfixadmin_project:postfixadmin:2.3:rc6:*:*:*:*:*:*
  • cpe:2.3:a:postfixadmin_project:postfixadmin:2.3:rc7:*:*:*:*:*:*
  • cpe:2.3:a:postfixadmin_project:postfixadmin:2.9.1:*:*:*:*:*:*:*
CVSS
Base: 3.5 (as of 26-02-2020 - 16:59)
Impact:
Exploitability:
CWE CWE-862
CAPEC
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: SINGLE
Impact
  • Confidentiality: NONE
  • Integrity: PARTIAL
  • Availability: NONE
cvss-vector via4 AV:N/AC:M/Au:S/C:N/I:P/A:N
refmap via4
bid 96142
confirm
mlist
  • [oss-security] 20170207 Re: CVE request: PostfixAdmin allows to delete protected aliases
  • [oss-security] 20170209 Re: CVE request: PostfixAdmin allows to delete protected aliases
  • [postfixadmin-devel] 20170204 Security hole in AliasHandler
suse openSUSE-SU-2017:0488
Last major update 26-02-2020 - 16:59
Published 20-03-2017 - 16:59
Last modified 26-02-2020 - 16:59