VYPR

Mailcow\

by Mailcow

Source repositories

CVEs (4)

  • CVE-2017-8928HigMay 14, 2017
    risk 0.60cvss 8.8epss 0.02

    mailcow 0.14, as used in "mailcow: dockerized" and other products, has CSRF.

  • CVE-2022-31245May 20, 2022
    risk 0.02cvss epss 0.05

    mailcow before 2022-05d allows a remote authenticated user to inject OS commands and escalate privileges to domain admin via the --debug option in conjunction with the ---PIPEMESS option in Sync Jobs.

  • CVE-2023-34108Jun 7, 2023
    risk 0.00cvss epss 0.01

    mailcow is a mail server suite based on Dovecot, Postfix and other open source software, that provides a modern web UI for user/server administration. A vulnerability has been discovered in mailcow which allows an attacker to manipulate internal Dovecot variables by using…

  • CVE-2022-39258Sep 27, 2022
    risk 0.00cvss epss 0.01

    mailcow is a mailserver suite. A vulnerability innversions prior to 2022-09 allows an attacker to craft a custom Swagger API template to spoof Authorize links. This could redirect a victim to an attacker controller place to steal Swagger authorization credentials or create a…