Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 











Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

SonarCloud uncovers 2 critical vulns in open-source server mailcow

June 2024 by Sonar

Sonar’s vulnerability research team shared that it discovered two security issues causing critical vulnerabilities in the popular and user-friendly email server solution mailcow. The widespread usage of mailcow in the open-source Linux community makes the server a valuable target for malicious actors.

While scanning mailcow’s code base, SonarCloud found a Path Traversal vulnerability which looked like it could lead to Remote Code Execution. Upon manual investigation of the code, the issue was confirmed along with an additional Cross-Site Scripting (XSS) flaw. The combination of both vulnerabilities makes it possible for an attacker to completely take over all accounts on a mailcow user’s server – giving them full access to (and control over) all internal data, and allowing them to impersonate the user through reading and sending emails from the server.

Sonar is dedicated to ensuring all open-source projects are secure and functional, and so the vulnerability team performs regular scans of popular open-source projects via SonarCloud, and analyzes the results to ensure these platforms are running on Clean Code.

The issues detected in mailcow’s code base are tracked as CVE-2024-31204 (XSS) and CVE-2024-30270 (Path Traversal). Mailcow announced the fix in an advisory here and reminds all users to please ensure their email server is up to date with patches.


See previous articles

    

See next articles












Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts