VYPR
High severity7.1OSV Advisory· Published Jan 28, 2025· Updated Apr 15, 2026

CVE-2024-56529

CVE-2024-56529

Description

Mailcow through 2024-11b has a session fixation vulnerability in the web panel. It allows remote attackers to set a session identifier when HSTS is disabled on a victim's browser. After a user logs in, they are authenticated and the session identifier is valid. Then, a remote attacker can access the victim's web panel with the same session identifier.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • 2022-01, 2022-01a, 2022-03, …+ 1 more
    • (no CPE)range: 2022-01, 2022-01a, 2022-03, …
    • (no CPE)range: <= 2024-11b

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.