mailcow is a mailserver suite. A vulnerability innversions prior to 2022-09 allows an attacker to craft a custom Swagger API template to spoof Authorize links. This could redirect a victim to an attacker controller place to steal Swagger authorization credentials or create a phishing page to steal other information. The issue has been fixed with the 2022-09 mailcow Mootember Update. As a workaround, one may delete the Swapper API Documentation from their e-mail server.
References
Link | Resource |
---|---|
https://github.com/mailcow/mailcow-dockerized/pull/4766 | Patch Third Party Advisory |
https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-vjgf-cp5p-wm45 | Exploit Third Party Advisory |
Configurations
History
29 Sep 2022, 18:29
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:mailcow:mailcow\:_dockerized:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.2 |
References | (MISC) https://github.com/mailcow/mailcow-dockerized/pull/4766 - Patch, Third Party Advisory | |
References | (CONFIRM) https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-vjgf-cp5p-wm45 - Exploit, Third Party Advisory | |
CWE | CWE-601 | |
First Time |
Mailcow mailcow\
Mailcow |
27 Sep 2022, 23:15
Type | Values Removed | Values Added |
---|---|---|
Summary | mailcow is a mailserver suite. A vulnerability innversions prior to 2022-09 allows an attacker to craft a custom Swagger API template to spoof Authorize links. This could redirect a victim to an attacker controller place to steal Swagger authorization credentials or create a phishing page to steal other information. The issue has been fixed with the 2022-09 mailcow Mootember Update. As a workaround, one may delete the Swapper API Documentation from their e-mail server. |
27 Sep 2022, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-09-27 15:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-39258
Mitre link : CVE-2022-39258
CVE.ORG link : CVE-2022-39258
JSON object : View
Products Affected
mailcow
- mailcow\