Home > Vulnerability Database > CVE-2023-27582

Mend.io Vulnerability Database

CVE-2023-27582

Good to know:

Date: March 13, 2023

maddy is a composable, all-in-one mail server. Starting with version 0.2.0 and prior to version 0.6.3, maddy allows a full authentication bypass if SASL authorization username is specified when using the PLAIN authentication mechanisms. Instead of validating the specified username, it is accepted as is after checking the credentials for the authentication username. maddy 0.6.3 includes the fix for the bug. There are no known workarounds.

Language: Go

Severity Score

9.8

Related Resources (6)

Url: https://github.com/foxcpp/maddy/releases/tag/v0.6.3

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-27582

Url: https://github.com/foxcpp/maddy/security/advisories/GHSA-4g76-w3xw-2x6w

Url: https://github.com/foxcpp/maddy/commit/55a91a37b71210f34f98f4d327c30308fe24399a

Url: https://github.com/foxcpp/maddy/commit/9f58cb64b39cdc01928ec463bdb198c4c2313a9c

Url: https://www.mend.io/vulnerability-database/CVE-2023-27582

Severity Score

9.8

Weakness Type (CWE)

Authentication Issues

CWE-287

Top Fix

Upgrade Version

Upgrade to version v0.6.3

Learn More

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-27582

Good to know:

Date: March 13, 2023

Language: Go

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?