FKIE_CVE-2024-3191

Vulnerability from fkie_nvd - Published: 2024-04-29 07:15 - Updated: 2025-04-11 14:49
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability, which was classified as critical, has been found in MailCleaner up to 2023.03.14. This issue affects some unknown processing of the component Email Handler. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-262307.
References
cna@vuldb.comhttps://github.com/MailCleaner/MailCleaner/pull/601Issue Tracking
cna@vuldb.comhttps://modzero.com/en/advisories/mz-24-01-mailcleaner/Third Party Advisory
cna@vuldb.comhttps://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdfExploit, Third Party Advisory
cna@vuldb.comhttps://vuldb.com/?ctiid.262307Permissions Required, VDB Entry
cna@vuldb.comhttps://vuldb.com/?id.262307Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://github.com/MailCleaner/MailCleaner/pull/601Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://modzero.com/en/advisories/mz-24-01-mailcleaner/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdfExploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://vuldb.com/?ctiid.262307Permissions Required, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://vuldb.com/?id.262307Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
mailcleaner mailcleaner *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mailcleaner:mailcleaner:*:*:*:*:community:*:*:*",
              "matchCriteriaId": "35777107-4DDB-468B-9E78-A534A93A3768",
              "versionEndIncluding": "2023.03.14",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability, which was classified as critical, has been found in MailCleaner up to 2023.03.14. This issue affects some unknown processing of the component Email Handler. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-262307."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad fue encontrada en MailCleaner hasta 2023.03.14 y clasificada como cr\u00edtica. Este problema afecta un procesamiento desconocido del componente Email Handler. La manipulaci\u00f3n conduce a la inyecci\u00f3n de comandos del sistema operativo. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. Se recomienda aplicar un parche para solucionar este problema. El identificador asociado de esta vulnerabilidad es VDB-262307."
    }
  ],
  "id": "CVE-2024-3191",
  "lastModified": "2025-04-11T14:49:53.763",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "cna@vuldb.com",
        "type": "Secondary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "cna@vuldb.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-04-29T07:15:07.080",
  "references": [
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://github.com/MailCleaner/MailCleaner/pull/601"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://modzero.com/en/advisories/mz-24-01-mailcleaner/"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Permissions Required",
        "VDB Entry"
      ],
      "url": "https://vuldb.com/?ctiid.262307"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://vuldb.com/?id.262307"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://github.com/MailCleaner/MailCleaner/pull/601"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://modzero.com/en/advisories/mz-24-01-mailcleaner/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required",
        "VDB Entry"
      ],
      "url": "https://vuldb.com/?ctiid.262307"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://vuldb.com/?id.262307"
    }
  ],
  "sourceIdentifier": "cna@vuldb.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "cna@vuldb.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.