CVE-2017-5930
published 2017-03-20


Priority: P266low
CVSS 3.1: 2.7 (AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N)
Exploited in the wild: yes (VulnCheck KEV)
EPSS: 14.95% (96.3rd percentile)
The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check.

Affected (7 ranges)

Vendor                Product        Version range                           Fixed in
debian                postfixadmin   < postfixadmin 3.0.2-1 (bookworm)       postfixadmin 3.0.2-1 (bookworm)
opensuse              leap
opensuse              leap
postfixadmin          postfixadmin   >= 0, < 3.0.2-1                         3.0.2-1
postfixadmin          postfixadmin   >= 0, < 3.0.2-1                         3.0.2-1
postfixadmin          postfixadmin   >= 0, < 3.0.2-1                         3.0.2-1
postfixadmin_project  postfixadmin   < 3.0.2                                 3.0.2

Detection & IOCs (extracted from sources)

URL: delete.php
  • Monitor HTTP requests to delete.php in PostfixAdmin with a 'delete' parameter, originating from domain admin accounts; this is the attack vector for unauthorized protected alias deletion.
  • Affected versions are PostfixAdmin 2.91 through 3.0.1; flag any installations in this range as vulnerable.
  • Watch for unexpected rewrites or deletions of protected aliases such as postmaster@domain, which may indicate exploitation of this missing permission check.
  • The vulnerability requires the attacker to be an authenticated domain admin; unauthenticated exploitation is not possible.
  • Fixed in PostfixAdmin 3.0.2; Debian packages resolved at version 3.0.2-1 across bookworm, forky, sid, and trixie.

CVSS provenance

Source         CVSS version  Score  Severity  Vector
nvd            v3.1          2.7    LOW       CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
nvd            v2.0          3.5    LOW       AV:N/AC:M/Au:S/C:N/I:P/A:N
osv                          2.7    LOW
vulncheck                    2.7    LOW
vendor_debian                2.7    LOW