mailcow: dockerized is an open source groupware/email suite based on docker. A security vulnerability has been identified in mailcow affecting versions prior to 2024-04. This vulnerability is a combination of path traversal and arbitrary code execution, specifically targeting the `rspamd_maps()` function. It allows authenticated admin users to overwrite any file writable by the www-data user by exploiting improper path validation. The exploit chain can lead to the execution of arbitrary commands on the server. Version 2024-04 contains a patch for the issue.
History

Thu, 12 Dec 2024 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 12 Dec 2024 21:00:00 +0000


Mon, 19 Aug 2024 08:30:00 +0000


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-04-04T20:27:40.370Z

Updated: 2024-12-12T20:52:59.248Z

Reserved: 2024-03-26T12:52:00.935Z

Link: CVE-2024-30270

cve-icon Vulnrichment

Updated: 2024-08-19T07:47:49.385Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-04-04T21:15:16.577

Modified: 2024-12-12T21:15:07.817

Link: CVE-2024-30270

cve-icon Redhat

No data.