Mailcow
by Mailcow
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-8928 | | Hig | 0.60 | 8.8 | 0.02 | | May 14, 2017 | mailcow 0.14, as used in "mailcow: dockerized" and other products, has CSRF. |
| CVE-2022-31245 | | | 0.02 | — | 0.05 | | May 20, 2022 | mailcow before 2022-05d allows a remote authenticated user to inject OS commands and escalate privileges to domain admin via the --debug option in conjunction with the ---PIPEMESS option in Sync Jobs. |
| CVE-2023-34108 | | | 0.00 | — | 0.01 | | Jun 7, 2023 | mailcow is a mail server suite based on Dovecot, Postfix and other open source software, that provides a modern web UI for user/server administration. A vulnerability has been discovered in mailcow which allows an attacker to manipulate internal Dovecot variables by using… |
| CVE-2022-39258 | | | 0.00 | — | 0.01 | | Sep 27, 2022 | mailcow is a mailserver suite. A vulnerability in versions prior to 2022-09 allows an attacker to craft a custom Swagger API template to spoof Authorize links. This could redirect a victim to an attacker-controlled place to steal Swagger authorization credentials or create a… |