How severe is CVE-2024-24760?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.3 out of 10.

What type of vulnerability is CVE-2024-24760?

This is classified as CWE-610, which is a common weakness in software security.

CVE-2024-24760 - HIGH Severity | CVSS 7.3

Vulnerability Description

mailcow is a dockerized email package, with multiple containers linked in one bridged network. A security vulnerability has been identified in mailcow affecting versions < 2024-01c. This vulnerability potentially allows attackers on the same subnet to connect to exposed ports of a Docker container, even when the port is bound to 127.0.0.1. The vulnerability has been addressed by implementing additional iptables/nftables rules. These rules drop packets for Docker containers on ports 3306, 6379, 8983, and 12345, where the input interface is not `br-mailcow` and the output interface is `br-mailcow`.

Related Vulnerabilities

CVE-2021-0591

HIGH

CVSS:7.3(High)

In sendReplyIntentToReceiver of BluetoothPermissionActivity.java, there is a possible way to invoke privileged broadcast receivers due to a confused deputy. This could lead to local escalation of priv...

CWE-6102021

CVE-2022-46869

HIGH

CVSS:7.3(High)

Local privilege escalation during installation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278.

CWE-6102022

CVE-2024-29069

HIGH

CVSS:7.3(High)

In snapd versions prior to 2.62, snapd failed to properly check the destination of symbolic links when extracting a snap. The snap format is a squashfs file-system image and so can contain symbolic li...

CWE-6102024

CVE-2021-27183

HIGH

CVSS:7.2(High)

An issue was discovered in MDaemon before 20.0.4. Administrators can use Remote Administration to exploit an Arbitrary File Write vulnerability. An attacker is able to create new files in any location...

CWE-6102021

CVE-2021-41244

HIGH

CVSS:7.2(High)

Grafana is an open-source platform for monitoring and observability. In affected versions when the fine-grained access control beta feature is enabled and there is more than one organization in the Gr...

CWE-6102021

CVE-2022-24241

HIGH

CVSS:7.5(High)

ACEweb Online Portal 3.5.065 was discovered to contain an External Controlled File Path and Name vulnerability via the txtFilePath parameter in attachments.awp.

CWE-6102022