VYPR
Medium severity 6.8 · OSV Advisory · Published May 15, 2024 · Updated Apr 15, 2026

CVE-2024-35179

Description

Stalwart Mail Server is an open-source mail server. Prior to version 0.8.0, when RUN_AS_USER is used, the specified user (and therefore web interface admins) can read arbitrary files as root. The issue affects admins who have set up Stalwart to run with RUN_AS_USER and who handed out admin credentials to the mail server expecting them to grant access only according to the RUN_AS_USER setting, and those who are attacked by someone who has managed to achieve arbitrary code execution using another vulnerability. Version 0.8.0 contains a patch for the issue.

Affected products

2
  • v0.3.0, v0.3.1, v0.3.10, … + 1 more
    • (no CPE) range: v0.3.0, v0.3.1, v0.3.10, …
    • (no CPE) range: <0.8.0
