CVE-2022-39258

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-39258

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-39258.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-39258

Related

GHSA-vjgf-cp5p-wm45

Published

2022-09-27T15:15:10Z

Modified

2025-01-14T11:06:44.739680Z

Severity

8.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N CVSS Calculator

Summary

[none]

Details

mailcow is a mailserver suite. A vulnerability innversions prior to 2022-09 allows an attacker to craft a custom Swagger API template to spoof Authorize links. This could redirect a victim to an attacker controller place to steal Swagger authorization credentials or create a phishing page to steal other information. The issue has been fixed with the 2022-09 mailcow Mootember Update. As a workaround, one may delete the Swapper API Documentation from their e-mail server.

References

Affected packages

Git / github.com/mailcow/mailcow-dockerized

Affected ranges

Type: GIT
Repo: https://github.com/mailcow/mailcow-dockerized
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

cb058e91a3f3109dd5812e44174f32f2a9020fc0

Affected versions

Other

2022-01

2022-01a

2022-03

2022-03a

2022-04

2022-05

2022-05a

2022-05b

2022-05c

2022-05d

2022-06

2022-06a

2022-06b

2022-07

2022-07a

2022-08

2022-08a

2022-08b

2022-09