Vulnerability Description
mailcow is a dockerized email package, with multiple containers linked in one bridged network. The application is vulnerable to pixel flood attack, once the payload has been successfully uploaded in the logo the application goes slow and doesn't respond in the admin page. It is tested on the versions 2023-12a and prior and patched in version 2024-01.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mailcow | Mailcow\ | < 2024-01, _dockerized |
Related Weaknesses (CWE)
References
- https://github.com/0xbunniee/MailCow-Pixel-Flood-AttackExploitThird Party Advisory
- https://github.com/mailcow/mailcow-dockerized/commit/7f6f7e0e9ff608618e5b144bcf1Patch
- https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-45rv-3c5pVendor Advisory
- https://github.com/0xbunniee/MailCow-Pixel-Flood-AttackExploitThird Party Advisory
- https://github.com/mailcow/mailcow-dockerized/commit/7f6f7e0e9ff608618e5b144bcf1Patch
- https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-45rv-3c5pVendor Advisory
FAQ
What is CVE-2024-23824?
CVE-2024-23824 is a vulnerability with a CVSS score of 4.7 (MEDIUM). mailcow is a dockerized email package, with multiple containers linked in one bridged network. The application is vulnerable to pixel flood attack, once the payload has been successfully uploaded in t...
How severe is CVE-2024-23824?
CVE-2024-23824 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-23824?
Check the references section above for vendor advisories and patch information. Affected products include: Mailcow Mailcow\.