CVE-2024-41959

5 Ago 2024

Título es

CVE-2024-41959

Lun, 05/08/2024 – 20:15

Tipo

CWE-79

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-41959

Descripción en

mailcow: dockerized is an open source groupware/email suite based on docker. An unauthenticated attacker can inject a JavaScript payload into the API logs. This payload is executed whenever the API logs page is viewed, potentially allowing an attacker to run malicious scripts in the context of the user's browser. This could lead to unauthorized actions, data theft, or further exploitation of the affected system. This issue has been addressed in the `2024-07` release. All users are advised to upgrade. There are no known workarounds for this vulnerability.

05/08/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

Gravedad 3.1 (CVSS 3.1 Base Score)

7.60

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

HIGH

Referencias

https://github.com/mailcow/mailcow-dockerized/commit/66aa28b5de282fc037e0d2f02fbdc84539b614a1

https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-v3r3-8f69-ph29

Enviar en el boletín

Off

CVE-2024-41959

CVE-2024-41959

Jose Alexis Correa Valencia