High severity7.1OSV Advisory· Published Jan 28, 2025· Updated Apr 15, 2026
CVE-2024-56529
CVE-2024-56529
Description
Mailcow through 2024-11b has a session fixation vulnerability in the web panel. It allows remote attackers to set a session identifier when HSTS is disabled on a victim's browser. After a user logs in, they are authenticated and the session identifier is valid. Then, a remote attacker can access the victim's web panel with the same session identifier.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
22022-01, 2022-01a, 2022-03, …+ 1 more
- (no CPE)range: 2022-01, 2022-01a, 2022-03, …
- (no CPE)range: <= 2024-11b
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.