Thursday, June 2, 2022

CVE-2022-31245

mailcow before 2022-05d allows a remote authenticated user to inject OS commands and escalate privileges to domain admin via the --debug option in conjunction with the ---PIPEMESS option in Sync Jobs. (CVSS:9.0) (Last Update:2022-06-02)
http://dlvr.it/SRWvfv

No comments:

Post a Comment

Critical OAuth Vulnerability in Expo Framework Allows Account Hijacking

A critical security vulnerability has been disclosed in the Open Authorization (OAuth) implementation of the application development framewo...