Lucene search

GitHub_MVULNRICHMENT:CVE-2024-35179

HistoryMay 15, 2024 - 3:55 p.m.

CVE-2024-35179 Unprivileged Stalwart Mail Server user can read files as root

2024-05-1515:55:28

CWE-271

GitHub_M

github.com

cve-2024-35179; stalwart mail server; unprivileged access

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

7.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

Stalwart Mail Server is an open-source mail server. Prior to version 0.8.0, when using RUN_AS_USER, the specified user (and therefore, web interface admins) can read arbitrary files as root. This issue affects admins who have set up to run stalwart with RUN_AS_USER who handed out admin credentials to the mail server but expect these to only grant access according to the RUN_AS_USER and are attacked where the attackers managed to achieve Arbitrary Code Execution using another vulnerability. Version 0.8.0 contains a patch for the issue.

CNA Affected

[
  {
    "vendor": "stalwartlabs",
    "product": "mail-server",
    "versions": [
      {
        "version": "< 0.8.0",
        "status": "affected"
      }
    ]
  }
]

References

github.com/stalwartlabs/mail-server/security/advisories/GHSA-5pfx-j27j-4c6h

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

7.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

Related for VULNRICHMENT:CVE-2024-35179