Skip to main content

Mailcow CVE-2023-34108

HIGH
OS Command Injection (CWE-78)
2023-06-07 security-advisories@github.com
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jun 07, 2023 - 18:15 nvd
HIGH 8.8

DescriptionNVD

mailcow is a mail server suite based on Dovecot, Postfix and other open source software, that provides a modern web UI for user/server administration. A vulnerability has been discovered in mailcow which allows an attacker to manipulate internal Dovecot variables by using specially crafted passwords during the authentication process. The issue arises from the behavior of the passwd-verify.lua script, which is responsible for verifying user passwords during login attempts. Upon a successful login, the script returns a response in the format of "password=<valid-password>", indicating the successful authentication. By crafting a password with additional key-value pairs appended to it, an attacker can manipulate the returned string and influence the internal behavior of Dovecot. For example, using the password "123 mail_crypt_save_version=0" would cause the passwd-verify.lua script to return the string "password=123 mail_crypt_save_version=0". Consequently, Dovecot will interpret this string and set the internal variables accordingly, leading to unintended consequences. This vulnerability can be exploited by an authenticated attacker who has the ability to set their own password. Successful exploitation of this vulnerability could result in unauthorized access to user accounts, bypassing security controls, or other malicious activities. This issue has been patched in version 2023-05a. Users are advised to upgrade. There are no known workarounds for this vulnerability.

AnalysisAI

mailcow is a mail server suite based on Dovecot, Postfix and other open source software, that provides a modern web UI for user/server administration. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Technical ContextAI

This vulnerability is classified as OS Command Injection (CWE-78), which allows attackers to execute arbitrary operating system commands on the host. mailcow is a mail server suite based on Dovecot, Postfix and other open source software, that provides a modern web UI for user/server administration. A vulnerability has been discovered in mailcow which allows an attacker to manipulate internal Dovecot variables by using specially crafted passwords during the authentication process. The issue arises from the behavior of the passwd-verify.lua script, which is responsible for verifying user passwords during login attempts. Upon a successful login, the script returns a response in the format of "password=<valid-password>", indicating the successful authentication. By crafting a password with additional key-value pairs appended to it, an attacker can manipulate the returned string and influence the internal behavior of Dovecot. For example, using the password "123 mail_crypt_save_version=0" would cause the passwd-verify.lua script to return the string "password=123 mail_crypt_save_version=0". Consequently, Dovecot will interpret this string and set the internal variables accordingly, leading to unintended consequences. This vulnerability can be exploited by an authenticated attacker who has the ability to set their own password. Successful exploitation of this vulnerability could result in unauthorized access to user accounts, bypassing security controls, or other malicious activities. This issue has been patched in version 2023-05a. Users are advised to upgrade. There are no known workarounds for this vulnerability. Affected products include: Mailcow Mailcow\.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Avoid passing user input to shell commands. Use language-specific APIs instead of shell execution. Apply strict input validation with allowlists.

CVE-2017-8928 HIGH POC
8.8 May 14

mailcow 0.14, as used in "mailcow: dockerized" and other products, has CSRF. Rated high severity (CVSS 8.8), this vulner

CVE-2023-26490 HIGH POC
8.8 Mar 04

mailcow is a dockerized email package, with multiple containers linked in one bridged network. Rated high severity (CVSS

CVE-2022-31138 HIGH POC
8.8 Jul 11

mailcow is a mailserver suite. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack co

CVE-2022-31245 HIGH POC
8.8 May 20

mailcow before 2022-05d allows a remote authenticated user to inject OS commands and escalate privileges to domain admin

CVE-2025-25198 HIGH POC
7.1 Feb 12

mailcow: dockerized is an open source groupware/email suite based on docker. Rated high severity (CVSS 7.1), this vulner

CVE-2022-39258 HIGH POC
8.2 Sep 27

mailcow is a mailserver suite. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentica

CVE-2024-30270 MEDIUM POC
6.2 Apr 04

mailcow: dockerized is an open source groupware/email suite based on docker. Rated medium severity (CVSS 6.2), this vuln

CVE-2024-31204 MEDIUM POC
6.1 Apr 04

mailcow: dockerized is an open source groupware/email suite based on docker. Rated medium severity (CVSS 6.1). Public ex

CVE-2024-24760 HIGH
7.3 Feb 02

mailcow is a dockerized email package, with multiple containers linked in one bridged network. Rated high severity (CVSS

CVE-2024-41958 HIGH
7.2 Aug 05

mailcow: dockerized is an open source groupware/email suite based on docker. Rated high severity (CVSS 7.2), this vulner

CVE-2024-23824 LOW POC
2.7 Feb 02

mailcow is a dockerized email package, with multiple containers linked in one bridged network. Rated low severity (CVSS

CVE-2024-41959 MEDIUM
6.1 Aug 05

mailcow: dockerized is an open source groupware/email suite based on docker. Rated medium severity (CVSS 6.1), this vuln

Share

CVE-2023-34108 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy