Vulnerabilites related to mailcow - mailcow-dockerized
CVE-2025-53909 (GCVE-0-2025-53909)
Vulnerability from cvelistv5
Published
2025-07-17 13:47
Modified
2025-07-17 19:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1336 - Improper Neutralization of Special Elements Used in a Template Engine
Summary
mailcow: dockerized is an open source groupware/email suite based on docker. A Server-Side Template Injection (SSTI) vulnerability exists in versions prior to 2025-07 in the notification template system used by mailcow for sending quota and quarantine alerts. The template rendering engine allows template expressions that may be abused to execute code in certain contexts. The issue requires admin-level access to mailcow UI to configure templates, which are automatically rendered during normal system operation. Version 2025-07 contains a patch for the issue.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-8p7g-6cjj-wr9m | x_refsource_CONFIRM | |
| https://github.com/mailcow/mailcow-dockerized/commit/8c5f6c03214a4b2bdbf3c78932f860eee949012b | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| mailcow | mailcow-dockerized |
Version: < 2025-07 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53909",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-17T19:54:45.486639Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-17T19:54:59.975Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "mailcow-dockerized",
"vendor": "mailcow",
"versions": [
{
"status": "affected",
"version": "\u003c 2025-07"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "mailcow: dockerized is an open source groupware/email suite based on docker. A Server-Side Template Injection (SSTI) vulnerability exists in versions prior to 2025-07 in the notification template system used by mailcow for sending quota and quarantine alerts. The template rendering engine allows template expressions that may be abused to execute code in certain contexts. The issue requires admin-level access to mailcow UI to configure templates, which are automatically rendered during normal system operation. Version 2025-07 contains a patch for the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1336",
"description": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-17T13:47:26.179Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-8p7g-6cjj-wr9m",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-8p7g-6cjj-wr9m"
},
{
"name": "https://github.com/mailcow/mailcow-dockerized/commit/8c5f6c03214a4b2bdbf3c78932f860eee949012b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mailcow/mailcow-dockerized/commit/8c5f6c03214a4b2bdbf3c78932f860eee949012b"
}
],
"source": {
"advisory": "GHSA-8p7g-6cjj-wr9m",
"discovery": "UNKNOWN"
},
"title": "mailcow: dockerized vulnerable to SSTI in Quota and Quarantine Notification Template"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-53909",
"datePublished": "2025-07-17T13:47:26.179Z",
"dateReserved": "2025-07-11T19:05:23.827Z",
"dateUpdated": "2025-07-17T19:54:59.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26490 (GCVE-0-2023-26490)
Vulnerability from cvelistv5
Published
2023-03-03 23:37
Modified
2025-02-25 15:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
mailcow is a dockerized email package, with multiple containers linked in one bridged network. The Sync Job feature - which can be made available to standard users by assigning them the necessary permission - suffers from a shell command injection. A malicious user can abuse this vulnerability to obtain shell access to the Docker container running dovecot. The imapsync Perl script implements all the necessary functionality for this feature, including the XOAUTH2 authentication mechanism. This code path creates a shell command to call openssl. However, since different parts of the specified user password are included without any validation, one can simply execute additional shell commands. Notably, the default ACL for a newly-created mailcow account does not include the necessary permission. The Issue has been fixed within the 2023-03 Update (March 3rd 2023). As a temporary workaround the Syncjob ACL can be removed from all mailbox users, preventing from creating or changing existing Syncjobs.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-3j2f-wf52-cjg7 | x_refsource_CONFIRM | |
| https://github.com/mailcow/mailcow-dockerized/releases/tag/2023-03 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| mailcow | mailcow-dockerized |
Version: < 2023-03 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:53:54.242Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-3j2f-wf52-cjg7",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-3j2f-wf52-cjg7"
},
{
"name": "https://github.com/mailcow/mailcow-dockerized/releases/tag/2023-03",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mailcow/mailcow-dockerized/releases/tag/2023-03"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26490",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-25T14:31:42.444112Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T15:02:06.803Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "mailcow-dockerized",
"vendor": "mailcow",
"versions": [
{
"status": "affected",
"version": "\u003c 2023-03"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "mailcow is a dockerized email package, with multiple containers linked in one bridged network. The Sync Job feature - which can be made available to standard users by assigning them the necessary permission - suffers from a shell command injection. A malicious user can abuse this vulnerability to obtain shell access to the Docker container running dovecot. The imapsync Perl script implements all the necessary functionality for this feature, including the XOAUTH2 authentication mechanism. This code path creates a shell command to call openssl. However, since different parts of the specified user password are included without any validation, one can simply execute additional shell commands. Notably, the default ACL for a newly-created mailcow account does not include the necessary permission. The Issue has been fixed within the 2023-03 Update (March 3rd 2023). As a temporary workaround the Syncjob ACL can be removed from all mailbox users, preventing from creating or changing existing Syncjobs."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-03T23:37:03.105Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-3j2f-wf52-cjg7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-3j2f-wf52-cjg7"
},
{
"name": "https://github.com/mailcow/mailcow-dockerized/releases/tag/2023-03",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mailcow/mailcow-dockerized/releases/tag/2023-03"
}
],
"source": {
"advisory": "GHSA-3j2f-wf52-cjg7",
"discovery": "UNKNOWN"
},
"title": "mailcow is vulnerable to shell command injection via xoauth2 authentication in imapsync\u200b"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-26490",
"datePublished": "2023-03-03T23:37:03.105Z",
"dateReserved": "2023-02-23T23:22:58.575Z",
"dateUpdated": "2025-02-25T15:02:06.803Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31138 (GCVE-0-2022-31138)
Vulnerability from cvelistv5
Published
2022-07-11 14:00
Modified
2025-04-22 17:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
mailcow is a mailserver suite. Prior to mailcow-dockerized version 2022-06a, an extended privilege vulnerability can be exploited by manipulating the custom parameters regexmess, skipmess, regexflag, delete2foldersonly, delete2foldersbutnot, regextrans2, pipemess, or maxlinelengthcmd to execute arbitrary code. Users should update their mailcow instances with the `update.sh` script in the mailcow root directory to 2022-06a or newer to receive a patch for this issue. As a temporary workaround, the Syncjob ACL can be removed from all mailbox users, preventing changes to those settings.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-vx9w-h33p-5vhc | x_refsource_CONFIRM | |
| https://github.com/mailcow/mailcow-dockerized/commit/d373164e13a14e058f82c9f1918a5612f375a9f9 | x_refsource_MISC | |
| https://github.com/ly1g3/Mailcow-CVE-2022-31138 | x_refsource_MISC | |
| https://github.com/mailcow/mailcow-dockerized/releases/tag/2022-06a | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| mailcow | mailcow-dockerized |
Version: < 2022-06a |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:11:39.641Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-vx9w-h33p-5vhc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mailcow/mailcow-dockerized/commit/d373164e13a14e058f82c9f1918a5612f375a9f9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ly1g3/Mailcow-CVE-2022-31138"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mailcow/mailcow-dockerized/releases/tag/2022-06a"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-31138",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T15:42:45.656429Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T17:49:53.318Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "mailcow-dockerized",
"vendor": "mailcow",
"versions": [
{
"status": "affected",
"version": "\u003c 2022-06a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "mailcow is a mailserver suite. Prior to mailcow-dockerized version 2022-06a, an extended privilege vulnerability can be exploited by manipulating the custom parameters regexmess, skipmess, regexflag, delete2foldersonly, delete2foldersbutnot, regextrans2, pipemess, or maxlinelengthcmd to execute arbitrary code. Users should update their mailcow instances with the `update.sh` script in the mailcow root directory to 2022-06a or newer to receive a patch for this issue. As a temporary workaround, the Syncjob ACL can be removed from all mailbox users, preventing changes to those settings."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-11T14:00:15.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-vx9w-h33p-5vhc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mailcow/mailcow-dockerized/commit/d373164e13a14e058f82c9f1918a5612f375a9f9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ly1g3/Mailcow-CVE-2022-31138"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mailcow/mailcow-dockerized/releases/tag/2022-06a"
}
],
"source": {
"advisory": "GHSA-vx9w-h33p-5vhc",
"discovery": "UNKNOWN"
},
"title": "OS Command Injection in mailcow",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-31138",
"STATE": "PUBLIC",
"TITLE": "OS Command Injection in mailcow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mailcow-dockerized",
"version": {
"version_data": [
{
"version_value": "\u003c 2022-06a"
}
]
}
}
]
},
"vendor_name": "mailcow"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mailcow is a mailserver suite. Prior to mailcow-dockerized version 2022-06a, an extended privilege vulnerability can be exploited by manipulating the custom parameters regexmess, skipmess, regexflag, delete2foldersonly, delete2foldersbutnot, regextrans2, pipemess, or maxlinelengthcmd to execute arbitrary code. Users should update their mailcow instances with the `update.sh` script in the mailcow root directory to 2022-06a or newer to receive a patch for this issue. As a temporary workaround, the Syncjob ACL can be removed from all mailbox users, preventing changes to those settings."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-vx9w-h33p-5vhc",
"refsource": "CONFIRM",
"url": "https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-vx9w-h33p-5vhc"
},
{
"name": "https://github.com/mailcow/mailcow-dockerized/commit/d373164e13a14e058f82c9f1918a5612f375a9f9",
"refsource": "MISC",
"url": "https://github.com/mailcow/mailcow-dockerized/commit/d373164e13a14e058f82c9f1918a5612f375a9f9"
},
{
"name": "https://github.com/ly1g3/Mailcow-CVE-2022-31138",
"refsource": "MISC",
"url": "https://github.com/ly1g3/Mailcow-CVE-2022-31138"
},
{
"name": "https://github.com/mailcow/mailcow-dockerized/releases/tag/2022-06a",
"refsource": "MISC",
"url": "https://github.com/mailcow/mailcow-dockerized/releases/tag/2022-06a"
}
]
},
"source": {
"advisory": "GHSA-vx9w-h33p-5vhc",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-31138",
"datePublished": "2022-07-11T14:00:15.000Z",
"dateReserved": "2022-05-18T00:00:00.000Z",
"dateUpdated": "2025-04-22T17:49:53.318Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41958 (GCVE-0-2024-41958)
Vulnerability from cvelistv5
Published
2024-08-05 19:59
Modified
2024-08-07 20:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-697 - Incorrect Comparison
Summary
mailcow: dockerized is an open source groupware/email suite based on docker. A vulnerability has been discovered in the two-factor authentication (2FA) mechanism. This flaw allows an authenticated attacker to bypass the 2FA protection, enabling unauthorized access to other accounts that are otherwise secured with 2FA. To exploit this vulnerability, the attacker must first have access to an account within the system and possess the credentials of the target account that has 2FA enabled. By leveraging these credentials, the attacker can circumvent the 2FA process and gain access to the protected account. This issue has been addressed in the `2024-07` release. All users are advised to upgrade. There are no known workarounds for this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-4fcc-q245-qqgg | x_refsource_CONFIRM | |
| https://github.com/mailcow/mailcow-dockerized/commit/f33d82ffc11ed3438609d4e7a6baa78cb3305bc3 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| mailcow | mailcow-dockerized |
Version: < 2024-07 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41958",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-07T20:42:09.504121Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-07T20:42:37.692Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "mailcow-dockerized",
"vendor": "mailcow",
"versions": [
{
"status": "affected",
"version": "\u003c 2024-07"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "mailcow: dockerized is an open source groupware/email suite based on docker. A vulnerability has been discovered in the two-factor authentication (2FA) mechanism. This flaw allows an authenticated attacker to bypass the 2FA protection, enabling unauthorized access to other accounts that are otherwise secured with 2FA. To exploit this vulnerability, the attacker must first have access to an account within the system and possess the credentials of the target account that has 2FA enabled. By leveraging these credentials, the attacker can circumvent the 2FA process and gain access to the protected account. This issue has been addressed in the `2024-07` release. All users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-697",
"description": "CWE-697: Incorrect Comparison",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T20:00:14.270Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-4fcc-q245-qqgg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-4fcc-q245-qqgg"
},
{
"name": "https://github.com/mailcow/mailcow-dockerized/commit/f33d82ffc11ed3438609d4e7a6baa78cb3305bc3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mailcow/mailcow-dockerized/commit/f33d82ffc11ed3438609d4e7a6baa78cb3305bc3"
}
],
"source": {
"advisory": "GHSA-4fcc-q245-qqgg",
"discovery": "UNKNOWN"
},
"title": "Two-Factor Authentication (2FA) Bypass in mailcow: dockerized"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-41958",
"datePublished": "2024-08-05T19:59:44.744Z",
"dateReserved": "2024-07-24T16:51:40.950Z",
"dateUpdated": "2024-08-07T20:42:37.692Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41960 (GCVE-0-2024-41960)
Vulnerability from cvelistv5
Published
2024-08-05 19:59
Modified
2024-08-05 20:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
mailcow: dockerized is an open source groupware/email suite based on docker. An authenticated admin user can inject a JavaScript payload into the Relay Hosts configuration. The injected payload is executed whenever the configuration page is viewed, enabling the attacker to execute arbitrary scripts in the context of the user's browser. This could lead to data theft, or further exploitation. This issue has been addressed in the `2024-07` release. All users are advised to upgrade. There are no known workarounds for this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-jpp8-rhg6-4vvv | x_refsource_CONFIRM | |
| https://github.com/mailcow/mailcow-dockerized/commit/efb2572f0fa57628ad98a76a4ae884a10cac0a1a | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| mailcow | mailcow-dockerized |
Version: < 2024-07 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41960",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-05T20:47:18.051530Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T20:47:28.482Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "mailcow-dockerized",
"vendor": "mailcow",
"versions": [
{
"status": "affected",
"version": "\u003c 2024-07"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "mailcow: dockerized is an open source groupware/email suite based on docker. An authenticated admin user can inject a JavaScript payload into the Relay Hosts configuration. The injected payload is executed whenever the configuration page is viewed, enabling the attacker to execute arbitrary scripts in the context of the user\u0027s browser. This could lead to data theft, or further exploitation. This issue has been addressed in the `2024-07` release. All users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T19:59:48.492Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-jpp8-rhg6-4vvv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-jpp8-rhg6-4vvv"
},
{
"name": "https://github.com/mailcow/mailcow-dockerized/commit/efb2572f0fa57628ad98a76a4ae884a10cac0a1a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mailcow/mailcow-dockerized/commit/efb2572f0fa57628ad98a76a4ae884a10cac0a1a"
}
],
"source": {
"advisory": "GHSA-jpp8-rhg6-4vvv",
"discovery": "UNKNOWN"
},
"title": "Cross-site Scripting (XSS) via Relay Hosts Configuration in mailcow: dockerized"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-41960",
"datePublished": "2024-08-05T19:59:48.492Z",
"dateReserved": "2024-07-24T16:51:40.951Z",
"dateUpdated": "2024-08-05T20:47:28.482Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-25198 (GCVE-0-2025-25198)
Vulnerability from cvelistv5
Published
2025-02-12 17:46
Modified
2025-02-12 19:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Summary
mailcow: dockerized is an open source groupware/email suite based on docker. Prior to version 2025-01a, a vulnerability in mailcow's password reset functionality allows an attacker to manipulate the `Host HTTP` header to generate a password reset link pointing to an attacker-controlled domain. This can lead to account takeover if a user clicks the poisoned link. Version 2025-01a contains a patch. As a workaround, deactivate the password reset functionality by clearing `Notification email sender` and `Notification email subject` under System -> Configuration -> Options -> Password Settings.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-3mvx-qw4r-fcqf | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| mailcow | mailcow-dockerized |
Version: < 2025-01a |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-25198",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-12T19:51:49.806238Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T19:52:25.823Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "mailcow-dockerized",
"vendor": "mailcow",
"versions": [
{
"status": "affected",
"version": "\u003c 2025-01a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "mailcow: dockerized is an open source groupware/email suite based on docker. Prior to version 2025-01a, a vulnerability in mailcow\u0027s password reset functionality allows an attacker to manipulate the `Host HTTP` header to generate a password reset link pointing to an attacker-controlled domain. This can lead to account takeover if a user clicks the poisoned link. Version 2025-01a contains a patch. As a workaround, deactivate the password reset functionality by clearing `Notification email sender` and `Notification email subject` under System -\u003e Configuration -\u003e Options -\u003e Password Settings."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T17:46:06.491Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-3mvx-qw4r-fcqf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-3mvx-qw4r-fcqf"
}
],
"source": {
"advisory": "GHSA-3mvx-qw4r-fcqf",
"discovery": "UNKNOWN"
},
"title": "mailcow: dockerized vulnerable to password reset poisoning"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-25198",
"datePublished": "2025-02-12T17:46:06.491Z",
"dateReserved": "2025-02-03T19:30:53.400Z",
"dateUpdated": "2025-02-12T19:52:25.823Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34108 (GCVE-0-2023-34108)
Vulnerability from cvelistv5
Published
2023-06-07 17:16
Modified
2025-01-06 20:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
mailcow is a mail server suite based on Dovecot, Postfix and other open source software, that provides a modern web UI for user/server administration. A vulnerability has been discovered in mailcow which allows an attacker to manipulate internal Dovecot variables by using specially crafted passwords during the authentication process. The issue arises from the behavior of the `passwd-verify.lua` script, which is responsible for verifying user passwords during login attempts. Upon a successful login, the script returns a response in the format of "password=<valid-password>", indicating the successful authentication. By crafting a password with additional key-value pairs appended to it, an attacker can manipulate the returned string and influence the internal behavior of Dovecot. For example, using the password "123 mail_crypt_save_version=0" would cause the `passwd-verify.lua` script to return the string "password=123 mail_crypt_save_version=0". Consequently, Dovecot will interpret this string and set the internal variables accordingly, leading to unintended consequences. This vulnerability can be exploited by an authenticated attacker who has the ability to set their own password. Successful exploitation of this vulnerability could result in unauthorized access to user accounts, bypassing security controls, or other malicious activities. This issue has been patched in version `2023-05a`. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| mailcow | mailcow-dockerized |
Version: < 2023-05a |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:01:53.571Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-mhh4-qchc-pv22",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-mhh4-qchc-pv22"
},
{
"name": "https://github.com/mailcow/mailcow-dockerized/commit/f80940efdccd393bf5fccec2886795372a38c445",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mailcow/mailcow-dockerized/commit/f80940efdccd393bf5fccec2886795372a38c445"
},
{
"name": "https://github.com/VladimirBorisov/CVE_proposal/blob/main/MailcowUserPassword.md",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/VladimirBorisov/CVE_proposal/blob/main/MailcowUserPassword.md"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34108",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-06T20:10:31.786240Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-06T20:11:10.109Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "mailcow-dockerized",
"vendor": "mailcow",
"versions": [
{
"status": "affected",
"version": "\u003c 2023-05a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "mailcow is a mail server suite based on Dovecot, Postfix and other open source software, that provides a modern web UI for user/server administration. A vulnerability has been discovered in mailcow which allows an attacker to manipulate internal Dovecot variables by using specially crafted passwords during the authentication process. The issue arises from the behavior of the `passwd-verify.lua` script, which is responsible for verifying user passwords during login attempts. Upon a successful login, the script returns a response in the format of \"password=\u003cvalid-password\u003e\", indicating the successful authentication. By crafting a password with additional key-value pairs appended to it, an attacker can manipulate the returned string and influence the internal behavior of Dovecot. For example, using the password \"123 mail_crypt_save_version=0\" would cause the `passwd-verify.lua` script to return the string \"password=123 mail_crypt_save_version=0\". Consequently, Dovecot will interpret this string and set the internal variables accordingly, leading to unintended consequences. This vulnerability can be exploited by an authenticated attacker who has the ability to set their own password. Successful exploitation of this vulnerability could result in unauthorized access to user accounts, bypassing security controls, or other malicious activities. This issue has been patched in version `2023-05a`. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-07T17:16:54.206Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-mhh4-qchc-pv22",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-mhh4-qchc-pv22"
},
{
"name": "https://github.com/mailcow/mailcow-dockerized/commit/f80940efdccd393bf5fccec2886795372a38c445",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mailcow/mailcow-dockerized/commit/f80940efdccd393bf5fccec2886795372a38c445"
},
{
"name": "https://github.com/VladimirBorisov/CVE_proposal/blob/main/MailcowUserPassword.md",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/VladimirBorisov/CVE_proposal/blob/main/MailcowUserPassword.md"
}
],
"source": {
"advisory": "GHSA-mhh4-qchc-pv22",
"discovery": "UNKNOWN"
},
"title": "Manipulation of Internal Dovecot Variables in mailcow via crafted Passwords"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-34108",
"datePublished": "2023-06-07T17:16:54.206Z",
"dateReserved": "2023-05-25T21:56:51.246Z",
"dateUpdated": "2025-01-06T20:11:10.109Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-24760 (GCVE-0-2024-24760)
Vulnerability from cvelistv5
Published
2024-02-02 15:28
Modified
2025-05-15 19:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-610 - Externally Controlled Reference to a Resource in Another Sphere
Summary
mailcow is a dockerized email package, with multiple containers linked in one bridged network. A security vulnerability has been identified in mailcow affecting versions < 2024-01c. This vulnerability potentially allows attackers on the same subnet to connect to exposed ports of a Docker container, even when the port is bound to 127.0.0.1. The vulnerability has been addressed by implementing additional iptables/nftables rules. These rules drop packets for Docker containers on ports 3306, 6379, 8983, and 12345, where the input interface is not `br-mailcow` and the output interface is `br-mailcow`.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-gmpj-5xcm-xxx6 | x_refsource_CONFIRM | |
| https://github.com/mailcow/mailcow-dockerized/commit/087481ac12bfa5dd715f3630f0b1697be94f7e88 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| mailcow | mailcow-dockerized |
Version: < 2024-01c |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:28:12.777Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-gmpj-5xcm-xxx6",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-gmpj-5xcm-xxx6"
},
{
"name": "https://github.com/mailcow/mailcow-dockerized/commit/087481ac12bfa5dd715f3630f0b1697be94f7e88",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mailcow/mailcow-dockerized/commit/087481ac12bfa5dd715f3630f0b1697be94f7e88"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24760",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T15:46:19.747960Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-15T19:49:55.480Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "mailcow-dockerized",
"vendor": "mailcow",
"versions": [
{
"status": "affected",
"version": "\u003c 2024-01c"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "mailcow is a dockerized email package, with multiple containers linked in one bridged network. A security vulnerability has been identified in mailcow affecting versions \u003c 2024-01c. This vulnerability potentially allows attackers on the same subnet to connect to exposed ports of a Docker container, even when the port is bound to 127.0.0.1. The vulnerability has been addressed by implementing additional iptables/nftables rules. These rules drop packets for Docker containers on ports 3306, 6379, 8983, and 12345, where the input interface is not `br-mailcow` and the output interface is `br-mailcow`."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-610",
"description": "CWE-610: Externally Controlled Reference to a Resource in Another Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-02T15:28:22.086Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-gmpj-5xcm-xxx6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-gmpj-5xcm-xxx6"
},
{
"name": "https://github.com/mailcow/mailcow-dockerized/commit/087481ac12bfa5dd715f3630f0b1697be94f7e88",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mailcow/mailcow-dockerized/commit/087481ac12bfa5dd715f3630f0b1697be94f7e88"
}
],
"source": {
"advisory": "GHSA-gmpj-5xcm-xxx6",
"discovery": "UNKNOWN"
},
"title": "Mailcow Docker Container Exposure to Local Network"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-24760",
"datePublished": "2024-02-02T15:28:22.086Z",
"dateReserved": "2024-01-29T20:51:26.010Z",
"dateUpdated": "2025-05-15T19:49:55.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31204 (GCVE-0-2024-31204)
Vulnerability from cvelistv5
Published
2024-04-04 20:37
Modified
2024-12-12 20:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
mailcow: dockerized is an open source groupware/email suite based on docker. A security vulnerability has been identified in mailcow affecting versions prior to 2024-04. This vulnerability resides in the exception handling mechanism, specifically when not operating in DEV_MODE. The system saves exception details into a session array without proper sanitization or encoding. These details are later rendered into HTML and executed in a JavaScript block within the user's browser, without adequate escaping of HTML entities. This flaw allows for Cross-Site Scripting (XSS) attacks, where attackers can inject malicious scripts into the admin panel by triggering exceptions with controlled input. The exploitation method involves using any function that might throw an exception with user-controllable argument. This issue can lead to session hijacking and unauthorized administrative actions, posing a significant security risk. Version 2024-04 contains a fix for the issue.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| mailcow | mailcow-dockerized |
Version: < 2024-04 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mailcow:mailcow_dockerized:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mailcow_dockerized",
"vendor": "mailcow",
"versions": [
{
"lessThan": "2024-04",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31204",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-19T17:48:22.693407Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T17:50:57.732Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-19T07:47:48.853Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-fp6h-63w4-5hcm",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-fp6h-63w4-5hcm"
},
{
"url": "https://www.vicarius.io/vsociety/posts/mailcow-with-xss-and-path-traversal-cve-2024-31204-and-cve-2024-30270"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mailcow-dockerized",
"vendor": "mailcow",
"versions": [
{
"status": "affected",
"version": "\u003c 2024-04"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "mailcow: dockerized is an open source groupware/email suite based on docker. A security vulnerability has been identified in mailcow affecting versions prior to 2024-04. This vulnerability resides in the exception handling mechanism, specifically when not operating in DEV_MODE. The system saves exception details into a session array without proper sanitization or encoding. These details are later rendered into HTML and executed in a JavaScript block within the user\u0027s browser, without adequate escaping of HTML entities. This flaw allows for Cross-Site Scripting (XSS) attacks, where attackers can inject malicious scripts into the admin panel by triggering exceptions with controlled input. The exploitation method involves using any function that might throw an exception with user-controllable argument. This issue can lead to session hijacking and unauthorized administrative actions, posing a significant security risk. Version 2024-04 contains a fix for the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-12T20:53:23.243Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-fp6h-63w4-5hcm",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-fp6h-63w4-5hcm"
},
{
"name": "https://www.sonarsource.com/blog/remote-code-execution-in-mailcow-always-sanitize-error-messages",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sonarsource.com/blog/remote-code-execution-in-mailcow-always-sanitize-error-messages"
}
],
"source": {
"advisory": "GHSA-fp6h-63w4-5hcm",
"discovery": "UNKNOWN"
},
"title": "mailcow Cross-site Scripting Vulnerability via Exception Handler"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-31204",
"datePublished": "2024-04-04T20:37:45.155Z",
"dateReserved": "2024-03-29T14:16:31.899Z",
"dateUpdated": "2024-12-12T20:53:23.243Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-39258 (GCVE-0-2022-39258)
Vulnerability from cvelistv5
Published
2022-09-27 15:10
Modified
2025-04-22 17:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
mailcow is a mailserver suite. A vulnerability innversions prior to 2022-09 allows an attacker to craft a custom Swagger API template to spoof Authorize links. This could redirect a victim to an attacker controller place to steal Swagger authorization credentials or create a phishing page to steal other information. The issue has been fixed with the 2022-09 mailcow Mootember Update. As a workaround, one may delete the Swapper API Documentation from their e-mail server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-vjgf-cp5p-wm45 | x_refsource_CONFIRM | |
| https://github.com/mailcow/mailcow-dockerized/pull/4766 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| mailcow | mailcow-dockerized |
Version: < 2022-09 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:00:43.269Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-vjgf-cp5p-wm45"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mailcow/mailcow-dockerized/pull/4766"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-39258",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T15:41:17.641973Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T17:20:10.592Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "mailcow-dockerized",
"vendor": "mailcow",
"versions": [
{
"status": "affected",
"version": "\u003c 2022-09"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "mailcow is a mailserver suite. A vulnerability innversions prior to 2022-09 allows an attacker to craft a custom Swagger API template to spoof Authorize links. This could redirect a victim to an attacker controller place to steal Swagger authorization credentials or create a phishing page to steal other information. The issue has been fixed with the 2022-09 mailcow Mootember Update. As a workaround, one may delete the Swapper API Documentation from their e-mail server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-451",
"description": "CWE-451: User Interface (UI) Misrepresentation of Critical Information",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-27T15:10:10.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-vjgf-cp5p-wm45"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mailcow/mailcow-dockerized/pull/4766"
}
],
"source": {
"advisory": "GHSA-vjgf-cp5p-wm45",
"discovery": "UNKNOWN"
},
"title": "mailcow-dockerized critical information misrepresentation can lead to phishing attacks through Swagger UI",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-39258",
"STATE": "PUBLIC",
"TITLE": "mailcow-dockerized critical information misrepresentation can lead to phishing attacks through Swagger UI"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mailcow-dockerized",
"version": {
"version_data": [
{
"version_value": "\u003c 2022-09"
}
]
}
}
]
},
"vendor_name": "mailcow"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mailcow is a mailserver suite. A vulnerability innversions prior to 2022-09 allows an attacker to craft a custom Swagger API template to spoof Authorize links. This could redirect a victim to an attacker controller place to steal Swagger authorization credentials or create a phishing page to steal other information. The issue has been fixed with the 2022-09 mailcow Mootember Update. As a workaround, one may delete the Swapper API Documentation from their e-mail server."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-451: User Interface (UI) Misrepresentation of Critical Information"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-vjgf-cp5p-wm45",
"refsource": "CONFIRM",
"url": "https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-vjgf-cp5p-wm45"
},
{
"name": "https://github.com/mailcow/mailcow-dockerized/pull/4766",
"refsource": "MISC",
"url": "https://github.com/mailcow/mailcow-dockerized/pull/4766"
}
]
},
"source": {
"advisory": "GHSA-vjgf-cp5p-wm45",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-39258",
"datePublished": "2022-09-27T15:10:10.000Z",
"dateReserved": "2022-09-02T00:00:00.000Z",
"dateUpdated": "2025-04-22T17:20:10.592Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-30270 (GCVE-0-2024-30270)
Vulnerability from cvelistv5
Published
2024-04-04 20:27
Modified
2024-12-12 20:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
mailcow: dockerized is an open source groupware/email suite based on docker. A security vulnerability has been identified in mailcow affecting versions prior to 2024-04. This vulnerability is a combination of path traversal and arbitrary code execution, specifically targeting the `rspamd_maps()` function. It allows authenticated admin users to overwrite any file writable by the www-data user by exploiting improper path validation. The exploit chain can lead to the execution of arbitrary commands on the server. Version 2024-04 contains a patch for the issue.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-4m8r-87gc-3vvp | x_refsource_CONFIRM | |
| https://mailcow.email/posts/2024/release-2024-04 | x_refsource_MISC | |
| https://www.sonarsource.com/blog/remote-code-execution-in-mailcow-always-sanitize-error-messages | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| mailcow | mailcow-dockerized |
Version: < 2024-04 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-30270",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-05T18:05:43.220610Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:38:21.058Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-19T07:47:49.385Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-4m8r-87gc-3vvp",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-4m8r-87gc-3vvp"
},
{
"name": "https://mailcow.email/posts/2024/release-2024-04",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mailcow.email/posts/2024/release-2024-04"
},
{
"url": "https://www.vicarius.io/vsociety/posts/mailcow-with-xss-and-path-traversal-cve-2024-31204-and-cve-2024-30270"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mailcow-dockerized",
"vendor": "mailcow",
"versions": [
{
"status": "affected",
"version": "\u003c 2024-04"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "mailcow: dockerized is an open source groupware/email suite based on docker. A security vulnerability has been identified in mailcow affecting versions prior to 2024-04. This vulnerability is a combination of path traversal and arbitrary code execution, specifically targeting the `rspamd_maps()` function. It allows authenticated admin users to overwrite any file writable by the www-data user by exploiting improper path validation. The exploit chain can lead to the execution of arbitrary commands on the server. Version 2024-04 contains a patch for the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-12T20:52:59.248Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-4m8r-87gc-3vvp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-4m8r-87gc-3vvp"
},
{
"name": "https://mailcow.email/posts/2024/release-2024-04",
"tags": [
"x_refsource_MISC"
],
"url": "https://mailcow.email/posts/2024/release-2024-04"
},
{
"name": "https://www.sonarsource.com/blog/remote-code-execution-in-mailcow-always-sanitize-error-messages",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sonarsource.com/blog/remote-code-execution-in-mailcow-always-sanitize-error-messages"
}
],
"source": {
"advisory": "GHSA-4m8r-87gc-3vvp",
"discovery": "UNKNOWN"
},
"title": "mailcow Path Traversal and Arbitrary Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-30270",
"datePublished": "2024-04-04T20:27:40.370Z",
"dateReserved": "2024-03-26T12:52:00.935Z",
"dateUpdated": "2024-12-12T20:52:59.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49077 (GCVE-0-2023-49077)
Vulnerability from cvelistv5
Published
2023-11-30 07:14
Modified
2024-08-02 21:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Mailcow: dockerized is an open source groupware/email suite based on docker. A Cross-Site Scripting (XSS) vulnerability has been identified within the Quarantine UI of the system. This vulnerability poses a significant threat to administrators who utilize the Quarantine feature. An attacker can send a carefully crafted email containing malicious JavaScript code. This issue has been patched in version 2023-11.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-46x4-w2fm-5x6g | x_refsource_CONFIRM | |
| https://github.com/mailcow/mailcow-dockerized/releases/tag/2023-11 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| mailcow | mailcow-dockerized |
Version: < 2023-11 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:46:29.125Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-46x4-w2fm-5x6g",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-46x4-w2fm-5x6g"
},
{
"name": "https://github.com/mailcow/mailcow-dockerized/releases/tag/2023-11",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mailcow/mailcow-dockerized/releases/tag/2023-11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mailcow-dockerized",
"vendor": "mailcow",
"versions": [
{
"status": "affected",
"version": "\u003c 2023-11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mailcow: dockerized is an open source groupware/email suite based on docker. A Cross-Site Scripting (XSS) vulnerability has been identified within the Quarantine UI of the system. This vulnerability poses a significant threat to administrators who utilize the Quarantine feature. An attacker can send a carefully crafted email containing malicious JavaScript code. This issue has been patched in version 2023-11."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-30T07:14:04.580Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-46x4-w2fm-5x6g",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-46x4-w2fm-5x6g"
},
{
"name": "https://github.com/mailcow/mailcow-dockerized/releases/tag/2023-11",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mailcow/mailcow-dockerized/releases/tag/2023-11"
}
],
"source": {
"advisory": "GHSA-46x4-w2fm-5x6g",
"discovery": "UNKNOWN"
},
"title": "mailcow-dockerized XSS Vulnerability in Quarantine UI Allows Unauthorized Access and Data Manipulation"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-49077",
"datePublished": "2023-11-30T07:14:04.580Z",
"dateReserved": "2023-11-21T18:57:30.427Z",
"dateUpdated": "2024-08-02T21:46:29.125Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23824 (GCVE-0-2024-23824)
Vulnerability from cvelistv5
Published
2024-02-02 15:18
Modified
2025-06-17 13:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-400 - Uncontrolled Resource Consumption
Summary
mailcow is a dockerized email package, with multiple containers linked in one bridged network. The application is vulnerable to pixel flood attack, once the payload has been successfully uploaded in the logo the application goes slow and doesn't respond in the admin page. It is tested on the versions 2023-12a and prior and patched in version 2024-01.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-45rv-3c5p-w4h7 | x_refsource_CONFIRM | |
| https://github.com/mailcow/mailcow-dockerized/commit/7f6f7e0e9ff608618e5b144bcf18d279610aa3ed | x_refsource_MISC | |
| https://github.com/0xbunniee/MailCow-Pixel-Flood-Attack | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| mailcow | mailcow-dockerized |
Version: < 2024-01 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:13:08.401Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-45rv-3c5p-w4h7",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-45rv-3c5p-w4h7"
},
{
"name": "https://github.com/mailcow/mailcow-dockerized/commit/7f6f7e0e9ff608618e5b144bcf18d279610aa3ed",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mailcow/mailcow-dockerized/commit/7f6f7e0e9ff608618e5b144bcf18d279610aa3ed"
},
{
"name": "https://github.com/0xbunniee/MailCow-Pixel-Flood-Attack",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/0xbunniee/MailCow-Pixel-Flood-Attack"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23824",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-21T19:30:43.358829Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T13:52:12.560Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "mailcow-dockerized",
"vendor": "mailcow",
"versions": [
{
"status": "affected",
"version": "\u003c 2024-01"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "mailcow is a dockerized email package, with multiple containers linked in one bridged network. The application is vulnerable to pixel flood attack, once the payload has been successfully uploaded in the logo the application goes slow and doesn\u0027t respond in the admin page. It is tested on the versions 2023-12a and prior and patched in version 2024-01."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-02T15:18:55.300Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-45rv-3c5p-w4h7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-45rv-3c5p-w4h7"
},
{
"name": "https://github.com/mailcow/mailcow-dockerized/commit/7f6f7e0e9ff608618e5b144bcf18d279610aa3ed",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mailcow/mailcow-dockerized/commit/7f6f7e0e9ff608618e5b144bcf18d279610aa3ed"
},
{
"name": "https://github.com/0xbunniee/MailCow-Pixel-Flood-Attack",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/0xbunniee/MailCow-Pixel-Flood-Attack"
}
],
"source": {
"advisory": "GHSA-45rv-3c5p-w4h7",
"discovery": "UNKNOWN"
},
"title": "mailcow ipixel flood attack leads to Denial of Service in admin page"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-23824",
"datePublished": "2024-02-02T15:18:55.300Z",
"dateReserved": "2024-01-22T22:23:54.338Z",
"dateUpdated": "2025-06-17T13:52:12.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41959 (GCVE-0-2024-41959)
Vulnerability from cvelistv5
Published
2024-08-05 19:59
Modified
2024-08-05 20:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
mailcow: dockerized is an open source groupware/email suite based on docker. An unauthenticated attacker can inject a JavaScript payload into the API logs. This payload is executed whenever the API logs page is viewed, potentially allowing an attacker to run malicious scripts in the context of the user's browser. This could lead to unauthorized actions, data theft, or further exploitation of the affected system. This issue has been addressed in the `2024-07` release. All users are advised to upgrade. There are no known workarounds for this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-v3r3-8f69-ph29 | x_refsource_CONFIRM | |
| https://github.com/mailcow/mailcow-dockerized/commit/66aa28b5de282fc037e0d2f02fbdc84539b614a1 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| mailcow | mailcow-dockerized |
Version: < 2024-07 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41959",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-05T20:24:15.518061Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T20:24:22.327Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "mailcow-dockerized",
"vendor": "mailcow",
"versions": [
{
"status": "affected",
"version": "\u003c 2024-07"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "mailcow: dockerized is an open source groupware/email suite based on docker. An unauthenticated attacker can inject a JavaScript payload into the API logs. This payload is executed whenever the API logs page is viewed, potentially allowing an attacker to run malicious scripts in the context of the user\u0027s browser. This could lead to unauthorized actions, data theft, or further exploitation of the affected system. This issue has been addressed in the `2024-07` release. All users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T20:00:03.016Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-v3r3-8f69-ph29",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-v3r3-8f69-ph29"
},
{
"name": "https://github.com/mailcow/mailcow-dockerized/commit/66aa28b5de282fc037e0d2f02fbdc84539b614a1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mailcow/mailcow-dockerized/commit/66aa28b5de282fc037e0d2f02fbdc84539b614a1"
}
],
"source": {
"advisory": "GHSA-v3r3-8f69-ph29",
"discovery": "UNKNOWN"
},
"title": "Cross-site Scripting (XSS) via API Logs in mailcow: dockerized"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-41959",
"datePublished": "2024-08-05T19:59:46.318Z",
"dateReserved": "2024-07-24T16:51:40.951Z",
"dateUpdated": "2024-08-05T20:24:22.327Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}