Skip to main content

Mailcow CVE-2024-23824

LOW
Uncontrolled Resource Consumption (CWE-400)
2024-02-02 security-advisories@github.com
2.7
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
2.7 LOW
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

1
CVE Published
Feb 02, 2024 - 16:15 nvd
LOW 2.7

DescriptionNVD

mailcow is a dockerized email package, with multiple containers linked in one bridged network. The application is vulnerable to pixel flood attack, once the payload has been successfully uploaded in the logo the application goes slow and doesn't respond in the admin page. It is tested on the versions 2023-12a and prior and patched in version 2024-01.

AnalysisAI

mailcow is a dockerized email package, with multiple containers linked in one bridged network. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as Uncontrolled Resource Consumption (CWE-400), which allows attackers to cause denial of service by exhausting system resources. mailcow is a dockerized email package, with multiple containers linked in one bridged network. The application is vulnerable to pixel flood attack, once the payload has been successfully uploaded in the logo the application goes slow and doesn't respond in the admin page. It is tested on the versions 2023-12a and prior and patched in version 2024-01. Affected products include: Mailcow Mailcow\. Version information: version 2024.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Implement rate limiting, set resource quotas, validate input sizes, use timeouts.

CVE-2017-8928 HIGH POC
8.8 May 14

mailcow 0.14, as used in "mailcow: dockerized" and other products, has CSRF. Rated high severity (CVSS 8.8), this vulner

CVE-2023-26490 HIGH POC
8.8 Mar 04

mailcow is a dockerized email package, with multiple containers linked in one bridged network. Rated high severity (CVSS

CVE-2022-31138 HIGH POC
8.8 Jul 11

mailcow is a mailserver suite. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack co

CVE-2022-31245 HIGH POC
8.8 May 20

mailcow before 2022-05d allows a remote authenticated user to inject OS commands and escalate privileges to domain admin

CVE-2025-25198 HIGH POC
7.1 Feb 12

mailcow: dockerized is an open source groupware/email suite based on docker. Rated high severity (CVSS 7.1), this vulner

CVE-2022-39258 HIGH POC
8.2 Sep 27

mailcow is a mailserver suite. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentica

CVE-2024-30270 MEDIUM POC
6.2 Apr 04

mailcow: dockerized is an open source groupware/email suite based on docker. Rated medium severity (CVSS 6.2), this vuln

CVE-2024-31204 MEDIUM POC
6.1 Apr 04

mailcow: dockerized is an open source groupware/email suite based on docker. Rated medium severity (CVSS 6.1). Public ex

CVE-2023-34108 HIGH
8.8 Jun 07

mailcow is a mail server suite based on Dovecot, Postfix and other open source software, that provides a modern web UI f

CVE-2024-24760 HIGH
7.3 Feb 02

mailcow is a dockerized email package, with multiple containers linked in one bridged network. Rated high severity (CVSS

CVE-2024-41958 HIGH
7.2 Aug 05

mailcow: dockerized is an open source groupware/email suite based on docker. Rated high severity (CVSS 7.2), this vulner

CVE-2024-41959 MEDIUM
6.1 Aug 05

mailcow: dockerized is an open source groupware/email suite based on docker. Rated medium severity (CVSS 6.1), this vuln

Share

CVE-2024-23824 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy