mailcow 输入验证错误漏洞

mailcow is a mail server suite. mailcow versions prior to 2022.09 contain a redirection vulnerability, which stems from the system's failure to reasonably handle target hops. An attacker could exploit the vulnerability by crafting a custom Swagger API template to spoof authorization links and...

PT-2022-24850 · Mailcow · Mailcow

Name of the Vulnerable Software and Affected Versions: mailcow versions prior to 2022-09 Description: A vulnerability in mailcow allows an attacker to craft a custom Swagger API template to spoof Authorize links, potentially redirecting a victim to an attacker-controlled place to steal Swagger...