CVSS 3.1 Score 6.8 of 10 (medium)


Published May 15, 2024
CWE ID 271


CVE-2024-35179 is a vulnerability that affects Stalwart Mail Server prior to version 0.8.0. When using the 'RUN_AS_USER' feature, the specified user (including web interface admins) can read arbitrary files as root. This poses a potential danger to organizations who have set up Stalwart Mail Server with 'RUN_AS_USER' and have granted admin credentials to the mail server, as attackers could exploit this vulnerability through Arbitrary Code Execution. However, version 0.8.0 contains a patch for this issue, providing a remediation solution for affected users. The severity of this vulnerability is classified as MEDIUM with a base score of 6.8 according to the Common Vulnerability Scoring System (CVSS) version 3.1. The confidentiality impact is rated as HIGH, while the integrity and availability impacts are rated as NONE.

Leverage our Vulnerability Intelligence module to secure your systems now - get detailed insights on CVE-2024-37364. Book your demo today.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-35179 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options