CVE-2022-24732
6.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Summary
Maddy Mail Server is an open source SMTP compatible email server. Versions of maddy prior to 0.5.4 do not implement password expiry or account expiry checking when authenticating using PAM. Users are advised to upgrade. Users unable to upgrade should manually remove expired accounts via existing filtering mechanisms.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| foxcpp | maddy | < 0.5.4 | affected |
Weaknesses
- CWE-613: CWE-613: Insufficient Session Expiration
- CWE-324: CWE-324: Use of a Key Past its Expiration Date
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/foxcpp/maddy/security/advisories/GHSA-6cp7-g972-w9m9
- https://github.com/foxcpp/maddy/commit/7ee6a39c6a1939b376545f030a5efd6f90913583
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://github.com/foxcpp/maddy/security/advisories/GHSA-6cp7-g972-w9m9
- https://github.com/foxcpp/maddy/commit/7ee6a39c6a1939b376545f030a5efd6f90913583
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.