CVE-2024-30270

CVSS 3.1 Score 6.2 of 10 (medium)

Details

Published Apr 4, 2024
CWE ID 22

Summary

CVE-2024-30270 is a vulnerability in mailcow: dockerized, an open source groupware/email suite based on Docker. It affects versions prior to 2024-04 and combines path traversal with arbitrary code execution. The flaw is in the rspamd_maps() function: because of improper path validation, an authenticated admin user can overwrite any file writable by the www-data user. Exploitation can lead to the execution of arbitrary commands on the server. Version 2024-04 includes a patch for this issue.
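The class of check whose absence CWE-22 describes, shown as an added example; it is not mailcow's code or its patch. The directory layout, file names and function names are hypothetical, and the sample inputs are constructed.

```python
import os
import tempfile

class MapPathError(ValueError):
    """The requested map name does not resolve to an allowed, existing file."""

def resolve_map_path(maps_dir: str, requested: str) -> str:
    """Return the real path of an existing map file inside maps_dir, else raise."""
    # Accept a bare file name only: no separators, no "..", no NUL byte.
    if (not requested or "\x00" in requested or requested in (".", "..")
            or requested != os.path.basename(requested)):
        raise MapPathError(f"not a plain file name: {requested!r}")
    base = os.path.realpath(maps_dir)
    # realpath() follows symlinks, so a link planted inside maps_dir that
    # points elsewhere resolves outside base and is rejected below.
    candidate = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, candidate]) != base:
        raise MapPathError(f"resolves outside the maps directory: {requested!r}")
    # Only overwrite maps that already exist; never create new files.
    if not os.path.isfile(candidate):
        raise MapPathError(f"no such map: {requested!r}")
    return candidate

def save_map(maps_dir: str, requested: str, content: str) -> str:
    """Write content to a validated map file and return the path written."""
    path = resolve_map_path(maps_dir, requested)
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(content)
    return path

def demo() -> dict:
    """Run constructed inputs against a throwaway directory tree."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        maps_dir = os.path.join(root, "maps")
        os.mkdir(maps_dir)
        for rel, text in (("maps/example.map", "old\n"), ("outside.txt", "untouched\n")):
            with open(os.path.join(root, rel), "w") as fh:
                fh.write(text)
        for name in ("example.map", "../outside.txt", "missing.map"):
            try:
                save_map(maps_dir, name, "new\n")
                results[name] = "written"
            except MapPathError:
                results[name] = "rejected"
        with open(os.path.join(root, "outside.txt")) as fh:
            results["outside content"] = fh.read()
    return results
```

Calling `demo()` returns the outcome per requested name; only the file that already exists inside the maps directory is written.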
