PT-2022-24850 · Mailcow · Mailcow
Published 2022-09-27 · Updated 2022-09-29
CVE-2022-39258
CVSS v3.1: 8.1 (High)
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
mailcow versions prior to 2022-09
Description
A vulnerability in mailcow allows an attacker to craft a custom Swagger API template that spoofs the Authorize links, potentially redirecting a victim to an attacker-controlled page in order to steal Swagger authorization credentials, or to a phishing page that harvests other information.
Recommendations
For versions prior to 2022-09, update to the 2022-09 mailcow Mootember Update to resolve the issue.
As a temporary workaround, consider deleting the Swagger API Documentation from the email server to minimize the risk of exploitation.
Information Disclosure
Open Redirect
UI Misrepresentation of Critical Information
Related Identifiers
Affected Products
Mailcow