CVE-2024-35179
MEDIUMDescription
Stalwart Mail Server is an open-source mail server. Prior to version 0.8.0, when using `RUN_AS_USER`, the specified user (and therefore, web interface admins) can read arbitrary files as root. This issue affects admins who have set up to run stalwart with `RUN_AS_USER` who handed out admin credentials to the mail server but expect these to only grant access according to the `RUN_AS_USER` and are attacked where the attackers managed to achieve Arbitrary Code Execution using another vulnerability. Version 0.8.0 contains a patch for the issue.
Is your site exposed to CVE-2024-35179?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2024-35179? +
How severe is CVE-2024-35179? +
How do I check if I'm vulnerable to CVE-2024-35179? +
Related Vulnerabilities
CloudNativePG is a platform designed to manage PostgreSQL databases within Kubernetes environments. Prior to 1.29.1 and 1.28.3, the CloudNativePG metrics …
Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as …
Nix is a package manager for Linux and other Unix systems. Builds with Nix 2.30.0 on macOS were executed with …
Screen 5.0.0 when it runs with setuid-root privileges does not drop privileges while operating on a user supplied path. This …