Mailcow
CVE-2024-23824
LOW
Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
Lifecycle Timeline
1DescriptionNVD
mailcow is a dockerized email package, with multiple containers linked in one bridged network. The application is vulnerable to pixel flood attack, once the payload has been successfully uploaded in the logo the application goes slow and doesn't respond in the admin page. It is tested on the versions 2023-12a and prior and patched in version 2024-01.
AnalysisAI
mailcow is a dockerized email package, with multiple containers linked in one bridged network. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified as Uncontrolled Resource Consumption (CWE-400), which allows attackers to cause denial of service by exhausting system resources. mailcow is a dockerized email package, with multiple containers linked in one bridged network. The application is vulnerable to pixel flood attack, once the payload has been successfully uploaded in the logo the application goes slow and doesn't respond in the admin page. It is tested on the versions 2023-12a and prior and patched in version 2024-01. Affected products include: Mailcow Mailcow\. Version information: version 2024.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Implement rate limiting, set resource quotas, validate input sizes, use timeouts.
mailcow 0.14, as used in "mailcow: dockerized" and other products, has CSRF. Rated high severity (CVSS 8.8), this vulner
mailcow is a dockerized email package, with multiple containers linked in one bridged network. Rated high severity (CVSS
mailcow is a mailserver suite. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack co
mailcow before 2022-05d allows a remote authenticated user to inject OS commands and escalate privileges to domain admin
mailcow: dockerized is an open source groupware/email suite based on docker. Rated high severity (CVSS 7.1), this vulner
mailcow is a mailserver suite. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentica
mailcow: dockerized is an open source groupware/email suite based on docker. Rated medium severity (CVSS 6.2), this vuln
mailcow: dockerized is an open source groupware/email suite based on docker. Rated medium severity (CVSS 6.1). Public ex
mailcow is a mail server suite based on Dovecot, Postfix and other open source software, that provides a modern web UI f
mailcow is a dockerized email package, with multiple containers linked in one bridged network. Rated high severity (CVSS
mailcow: dockerized is an open source groupware/email suite based on docker. Rated high severity (CVSS 7.2), this vulner
mailcow: dockerized is an open source groupware/email suite based on docker. Rated medium severity (CVSS 6.1), this vuln
Same weakness CWE-400 – Uncontrolled Resource Consumption
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today