CSRF Vulnerability in Mailcow: Dockerized by Mailcow
CVE-2017-8928

8.8HIGH

Key Information:

Vendor: Mailcow
Status: Mailcow\
Vendor: CVE Published:; 14 May 2017

What is CVE-2017-8928?

A CSRF vulnerability exists in Mailcow 0.14, used in the application 'mailcow: dockerized', which can allow attackers to perform actions on behalf of unsuspecting users. This weakness can lead to unauthorized access and manipulation of user accounts and sensitive data, thereby compromising the integrity of user sessions. Proper validation and security measures are essential to mitigate this risk.

References

https://www.exploit-db.com/exploits/42004/

exploitx_refsource_EXPLOIT-DB

https://github.com/mailcow/mailcow-dockerized/pull/268/co...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 14, 2017
Vulnerability Reserved
May 14, 2017

CVE-2017-8928 Data

JSON