CVE-2022-24732

Опубликовано: 09 мар. 2022

Источник: nvd

CVSS3: 6.3

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

Maddy Mail Server is an open source SMTP compatible email server. Versions of maddy prior to 0.5.4 do not implement password expiry or account expiry checking when authenticating using PAM. Users are advised to upgrade. Users unable to upgrade should manually remove expired accounts via existing filtering mechanisms.

Ссылки

https://github.com/foxcpp/maddy/commit/7ee6a39c6a1939b376545f030a5efd6f90913583
Patch
Third Party Advisory
https://github.com/foxcpp/maddy/security/advisories/GHSA-6cp7-g972-w9m9
Third Party Advisory
https://github.com/foxcpp/maddy/commit/7ee6a39c6a1939b376545f030a5efd6f90913583
Patch
Third Party Advisory
https://github.com/foxcpp/maddy/security/advisories/GHSA-6cp7-g972-w9m9
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:maddy_project:maddy:*:*:*:*:*:*:*:*

Версия от 0.5.0 (включая) до 0.5.4 (исключая)

EPSS

Процентиль: 34%

0.00133

Низкий

6.3 Medium

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-324

Связанные уязвимости

GHSA-6cp7-g972-w9m9

CVSS3: 6.3

github

почти 4 года назад

Use of a Key Past its Expiration Date and Insufficient Session Expiration in Maddy Mail Server

EPSS

Процентиль: 34%

0.00133

Низкий

6.3 Medium

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-324