Mailcow Vulnerability Affects Prior Versions, Patch Released
CVE-2024-30270

6.2MEDIUM

Key Information:

Vendor: Mailcow
Status: Mailcow-dockerized
Vendor: CVE Published:; 4 April 2024

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 49%📰 News Worthy

What is CVE-2024-30270?

The CVE-2024-30270 vulnerability affects prior versions of the Mailcow software and allows authenticated admin users to overwrite files and execute arbitrary commands on the server. It also includes a cross-site scripting (XSS) vulnerability in the admin panel and a path traversal exploit. The vulnerability allows attackers to craft emails with multi-stage payloads to execute commands on the server. Mailcow has released a patch for the issue in version 2024-04 and has implemented new security measures to prevent similar attacks in the future. No known exploitation in the wild has been reported.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

mailcow-dockerized < 2024-04

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-30270-PoC
Created by Alchemist3dot14