CVE-2024-30270
published 2024-04-04


Priority: P3 (52)
Severity: medium, CVSS 3.1 base score 6.2
CVSS vector: AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L
EPSS: 27.35% (97.8th percentile)
mailcow: dockerized is an open source groupware/email suite based on docker. A security vulnerability has been identified in mailcow affecting versions prior to 2024-04. This vulnerability is a combination of path traversal and arbitrary code execution, specifically targeting the `rspamd_maps()` function. It allows authenticated admin users to overwrite any file writable by the www-data user by exploiting improper path validation. The exploit chain can lead to the execution of arbitrary commands on the server. Version 2024-04 contains a patch for the issue.

Affected (2 ranges)

Vendor    Product             Version range    Fixed in
mailcow   mailcow             < 2024-04        2024-04
mailcow   mailcow-dockerized  < 2024-04        2024-04