CVE-2022-24732

{"id": "CVE-2022-24732", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 2.8}]}, "published": "2022-03-09T20:15:08.623", "references": [{"url": "https://github.com/foxcpp/maddy/commit/7ee6a39c6a1939b376545f030a5efd6f90913583", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/foxcpp/maddy/security/advisories/GHSA-6cp7-g972-w9m9", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-324"}, {"lang": "en", "value": "CWE-613"}]}], "descriptions": [{"lang": "en", "value": "Maddy Mail Server is an open source SMTP compatible email server. Versions of maddy prior to 0.5.4 do not implement password expiry or account expiry checking when authenticating using PAM. Users are advised to upgrade. Users unable to upgrade should manually remove expired accounts via existing filtering mechanisms."}, {"lang": "es", "value": "Maddy Mail Server es un servidor de correo electr\u00f3nico de c\u00f3digo abierto compatible con SMTP. Las versiones de maddy anteriores a 0.5.4, no implementan la comprobaci\u00f3n de la caducidad de la contrase\u00f1a o de la cuenta cuando es autenticado usando PAM. Es recomendado a usuarios actualizar. Los usuarios que no puedan actualizarse deber\u00e1n eliminar manualmente las cuentas caducadas por medio de los mecanismos de filtrado existentes"}], "lastModified": "2022-03-17T01:44:04.523", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:maddy_project:maddy:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F116C241-39C7-4E8A-8776-5961385A8E94", "versionEndExcluding": "0.5.4", "versionStartIncluding": "0.5.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}