CVE-2023-27582

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-27582

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-27582.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-27582

Aliases

Related

GHSA-4g76-w3xw-2x6w

Published

2023-03-13T22:15:12Z

Modified

2025-05-28T10:33:50.046065Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

maddy is a composable, all-in-one mail server. Starting with version 0.2.0 and prior to version 0.6.3, maddy allows a full authentication bypass if SASL authorization username is specified when using the PLAIN authentication mechanisms. Instead of validating the specified username, it is accepted as is after checking the credentials for the authentication username. maddy 0.6.3 includes the fix for the bug. There are no known workarounds.

References

Affected packages

Git / github.com/foxcpp/maddy

Affected ranges

Type: GIT
Repo: https://github.com/foxcpp/maddy
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

55a91a37b71210f34f98f4d327c30308fe24399a

Fixed

55a91a37b71210f34f98f4d327c30308fe24399a

Fixed

9f58cb64b39cdc01928ec463bdb198c4c2313a9c

Fixed

9f58cb64b39cdc01928ec463bdb198c4c2313a9c

Fixed

ee1e340c77ed04f1f76aed826bc6a53c07fddc75

Fixed

ee1e340c77ed04f1f76aed826bc6a53c07fddc75

Affected versions

v0.*

v0.1.0

v0.1.1