mailcow: dockerized is an open source groupware/email suite based on docker. A security vulnerability has been identified in mailcow affecting versions prior to 2024-04. This vulnerability is a combination of path traversal and arbitrary code execution, specifically targeting the `rspamd_maps()` function. It allows authenticated admin users to overwrite any file writable by the www-data user by exploiting improper path validation. The exploit chain can lead to the execution of arbitrary commands on the server. Version 2024-04 contains a patch for the issue.
Metrics
Affected Vendors & Products
References
History
Thu, 12 Dec 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 12 Dec 2024 21:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Mon, 19 Aug 2024 08:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-04-04T20:27:40.370Z
Updated: 2024-12-12T20:52:59.248Z
Reserved: 2024-03-26T12:52:00.935Z
Link: CVE-2024-30270
Vulnrichment
Updated: 2024-08-19T07:47:49.385Z
NVD
Status : Awaiting Analysis
Published: 2024-04-04T21:15:16.577
Modified: 2024-12-12T21:15:07.817
Link: CVE-2024-30270
Redhat
No data.