CVE-2022-39258

HIGH Year: 2022
CVSS v3 Score
8.2
High
Weakness Type
CWE-200
View all →

Vulnerability Description

mailcow is a mailserver suite. A vulnerability innversions prior to 2022-09 allows an attacker to craft a custom Swagger API template to spoof Authorize links. This could redirect a victim to an attacker controller place to steal Swagger authorization credentials or create a phishing page to steal other information. The issue has been fixed with the 2022-09 mailcow Mootember Update. As a workaround, one may delete the Swapper API Documentation from their e-mail server.

Related Vulnerabilities

CVE-2018-9275

HIGH
CVSS:8.2(High)

In check_user_token in util.c in the Yubico PAM module (aka pam_yubico) 2.18 through 2.25, successful logins can leak file descriptors to the auth mapping file, which can lead to information disclosur...

CWE-2002018

CVE-2019-4437

HIGH
CVSS:8.2(High)

IBM API Connect 2018.1 through 2018.4.1.6 may inadvertently leak sensitive details about internal servers and network via API swagger. IBM X-force ID: 162947.

CWE-2002019

CVE-2020-4927

HIGH
CVSS:8.2(High)

A vulnerability in the Spectrum Scale 5.0.5.0 through 5.1.6.1 core component could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. IBM X-Force ID: ...

CWE-2002020

CVE-2022-1774

HIGH
CVSS:8.2(High)

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.0.7.

CWE-2002022

CVE-2022-31112

HIGH
CVSS:8.2(High)

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions parse Server LiveQuery does not remove protected fields in classes, passing...

CWE-2002022

CVE-2023-24010

HIGH
CVSS:8.2(High)

An attacker can arbitrarily craft malicious DDS Participants (or ROS 2 Nodes) with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnera...

CWE-2002023