Lucene search

[email protected]CVE-2024-3194

HistoryApr 29, 2024 - 7:15 a.m.

CVE-2024-3194

2024-04-2907:15:08

CWE-79

[email protected]

web.nvd.nist.gov

mailcleaner vulnerability

2023.03.14

remote attack

cross-site scripting

patch

vdb-262310

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

6.1 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.7%

JSON

A vulnerability was found in MailCleaner up to 2023.03.14 and classified as problematic. Affected by this issue is some unknown functionality of the component Log File Endpoint. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-262310 is the identifier assigned to this vulnerability.

Affected configurations

Vulners

Node

mailcleanermailcleanerMatch2023.03.0

mailcleanermailcleanerMatch2023.03.1

mailcleanermailcleanerMatch2023.03.2

mailcleanermailcleanerMatch2023.03.3

mailcleanermailcleanerMatch2023.03.4

mailcleanermailcleanerMatch2023.03.5

mailcleanermailcleanerMatch2023.03.6

mailcleanermailcleanerMatch2023.03.7

mailcleanermailcleanerMatch2023.03.8

mailcleanermailcleanerMatch2023.03.9

mailcleanermailcleanerMatch2023.03.10

mailcleanermailcleanerMatch2023.03.11

mailcleanermailcleanerMatch2023.03.12

mailcleanermailcleanerMatch2023.03.13

mailcleanermailcleanerMatch2023.03.14

VendorProductVersionCPE
mailcleanermailcleaner2023.03.0cpe:2.3:a:mailcleaner:mailcleaner:2023.03.0:*:*:*:*:*:*:*
mailcleanermailcleaner2023.03.1cpe:2.3:a:mailcleaner:mailcleaner:2023.03.1:*:*:*:*:*:*:*
mailcleanermailcleaner2023.03.2cpe:2.3:a:mailcleaner:mailcleaner:2023.03.2:*:*:*:*:*:*:*
mailcleanermailcleaner2023.03.3cpe:2.3:a:mailcleaner:mailcleaner:2023.03.3:*:*:*:*:*:*:*
mailcleanermailcleaner2023.03.4cpe:2.3:a:mailcleaner:mailcleaner:2023.03.4:*:*:*:*:*:*:*
mailcleanermailcleaner2023.03.5cpe:2.3:a:mailcleaner:mailcleaner:2023.03.5:*:*:*:*:*:*:*
mailcleanermailcleaner2023.03.6cpe:2.3:a:mailcleaner:mailcleaner:2023.03.6:*:*:*:*:*:*:*
mailcleanermailcleaner2023.03.7cpe:2.3:a:mailcleaner:mailcleaner:2023.03.7:*:*:*:*:*:*:*
mailcleanermailcleaner2023.03.8cpe:2.3:a:mailcleaner:mailcleaner:2023.03.8:*:*:*:*:*:*:*
mailcleanermailcleaner2023.03.9cpe:2.3:a:mailcleaner:mailcleaner:2023.03.9:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mailcleaner	mailcleaner	2023.03.0	cpe:2.3:a:mailcleaner:mailcleaner:2023.03.0:::::::*
mailcleaner	mailcleaner	2023.03.1	cpe:2.3:a:mailcleaner:mailcleaner:2023.03.1:::::::*
mailcleaner	mailcleaner	2023.03.2	cpe:2.3:a:mailcleaner:mailcleaner:2023.03.2:::::::*
mailcleaner	mailcleaner	2023.03.3	cpe:2.3:a:mailcleaner:mailcleaner:2023.03.3:::::::*
mailcleaner	mailcleaner	2023.03.4	cpe:2.3:a:mailcleaner:mailcleaner:2023.03.4:::::::*
mailcleaner	mailcleaner	2023.03.5	cpe:2.3:a:mailcleaner:mailcleaner:2023.03.5:::::::*
mailcleaner	mailcleaner	2023.03.6	cpe:2.3:a:mailcleaner:mailcleaner:2023.03.6:::::::*
mailcleaner	mailcleaner	2023.03.7	cpe:2.3:a:mailcleaner:mailcleaner:2023.03.7:::::::*
mailcleaner	mailcleaner	2023.03.8	cpe:2.3:a:mailcleaner:mailcleaner:2023.03.8:::::::*
mailcleaner	mailcleaner	2023.03.9	cpe:2.3:a:mailcleaner:mailcleaner:2023.03.9:::::::*

Rows per page:

1-10 of 151

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "MailCleaner",
    "versions": [
      {
        "version": "2023.03.0",
        "status": "affected"
      },
      {
        "version": "2023.03.1",
        "status": "affected"
      },
      {
        "version": "2023.03.2",
        "status": "affected"
      },
      {
        "version": "2023.03.3",
        "status": "affected"
      },
      {
        "version": "2023.03.4",
        "status": "affected"
      },
      {
        "version": "2023.03.5",
        "status": "affected"
      },
      {
        "version": "2023.03.6",
        "status": "affected"
      },
      {
        "version": "2023.03.7",
        "status": "affected"
      },
      {
        "version": "2023.03.8",
        "status": "affected"
      },
      {
        "version": "2023.03.9",
        "status": "affected"
      },
      {
        "version": "2023.03.10",
        "status": "affected"
      },
      {
        "version": "2023.03.11",
        "status": "affected"
      },
      {
        "version": "2023.03.12",
        "status": "affected"
      },
      {
        "version": "2023.03.13",
        "status": "affected"
      },
      {
        "version": "2023.03.14",
        "status": "affected"
      }
    ],
    "modules": [
      "Log File Endpoint"
    ]
  }
]

References

github.com/MailCleaner/MailCleaner/pull/601

modzero.com/en/advisories/mz-24-01-mailcleaner/

modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf

vuldb.com/?ctiid.262310

vuldb.com/?id.262310

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

6.1 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.7%

JSON

Related for CVE-2024-3194

nvd1 cvelist1