Vulnerability Description
Maddy Mail Server is an open source SMTP compatible email server. Versions of maddy prior to 0.5.4 do not implement password expiry or account expiry checking when authenticating using PAM. Users are advised to upgrade. Users unable to upgrade should manually remove expired accounts via existing filtering mechanisms.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Maddy Project | Maddy | >= 0.5.0, < 0.5.4 |
Related Weaknesses (CWE)
References
- https://github.com/foxcpp/maddy/commit/7ee6a39c6a1939b376545f030a5efd6f90913583 (Patch, Third Party Advisory)
- https://github.com/foxcpp/maddy/security/advisories/GHSA-6cp7-g972-w9m9 (Third Party Advisory)
FAQ
What is CVE-2022-24732?
CVE-2022-24732 is a vulnerability with a CVSS score of 6.3 (MEDIUM). Maddy Mail Server is an open source SMTP compatible email server. Versions of maddy prior to 0.5.4 do not implement password expiry or account expiry checking when authenticating using PAM. Users are ...
How severe is CVE-2022-24732?
CVE-2022-24732 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-24732?
Check the references section above for vendor advisories and patch information. Affected products include: Maddy Project Maddy.