Medium severity 6.8 · OSV Advisory · Published May 15, 2024 · Updated Apr 15, 2026
CVE-2024-35179
Description
Stalwart Mail Server is an open-source mail server. Prior to version 0.8.0, when using RUN_AS_USER, the specified user (and therefore, web interface admins) can read arbitrary files as root. This issue affects admins who have set up Stalwart to run with RUN_AS_USER, who handed out admin credentials to the mail server but expect these to grant access only according to the RUN_AS_USER, and who are attacked where the attackers managed to achieve arbitrary code execution using another vulnerability. Version 0.8.0 contains a patch for the issue.
Affected products
2 · v0.3.0, v0.3.1, v0.3.10, … + 1 more
- (no CPE) range: v0.3.0, v0.3.1, v0.3.10, …
- (no CPE) range: <0.8.0