mailcow is a dockerized email package, with multiple containers linked in one bridged network. The application is vulnerable to pixel flood attack, once the payload has been successfully uploaded in the logo the application goes slow and doesn't respond in the admin page. It is tested on the versions 2023-12a and prior and patched in version 2024-01.
References
Link | Resource |
---|---|
https://github.com/0xbunniee/MailCow-Pixel-Flood-Attack | Exploit Third Party Advisory |
https://github.com/mailcow/mailcow-dockerized/commit/7f6f7e0e9ff608618e5b144bcf18d279610aa3ed | Patch |
https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-45rv-3c5p-w4h7 | Vendor Advisory |
Configurations
History
10 Feb 2024, 04:04
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 2.7 |
CWE | NVD-CWE-noinfo | |
CPE | cpe:2.3:a:mailcow:mailcow\:_dockerized:*:*:*:*:*:*:*:* | |
First Time |
Mailcow mailcow\
Mailcow |
|
References | () https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-45rv-3c5p-w4h7 - Vendor Advisory | |
References | () https://github.com/mailcow/mailcow-dockerized/commit/7f6f7e0e9ff608618e5b144bcf18d279610aa3ed - Patch | |
References | () https://github.com/0xbunniee/MailCow-Pixel-Flood-Attack - Exploit, Third Party Advisory |
02 Feb 2024, 16:30
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-02 16:15
Updated : 2024-02-28 20:54
NVD link : CVE-2024-23824
Mitre link : CVE-2024-23824
CVE.ORG link : CVE-2024-23824
JSON object : View
Products Affected
mailcow
- mailcow\
CWE