Home > Vulnerability Database > CVE-2024-23824

Mend.io Vulnerability Database

CVE-2024-23824

Good to know:

Date: February 2, 2024

mailcow is a dockerized email package, with multiple containers linked in one bridged network. The application is vulnerable to pixel flood attack, once the payload has been successfully uploaded in the logo the application goes slow and doesn't respond in the admin page. It is tested on the versions 2023-12a and prior and patched in version 2024-01.

Language: PHP

Severity Score

2.7

Related Resources (5)

Url: https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-45rv-3c5p-w4h7

Url: https://github.com/mailcow/mailcow-dockerized/commit/7f6f7e0e9ff608618e5b144bcf18d279610aa3ed

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-23824

Url: https://github.com/0xbunniee/MailCow-Pixel-Flood-Attack

Url: https://www.mend.io/vulnerability-database/CVE-2024-23824

Severity Score

2.7

Weakness Type (CWE)

Uncontrolled Resource Consumption ('Resource Exhaustion')

CWE-400

Insufficient Information

NVD-CWE-noinfo

Top Fix

Upgrade Version

Upgrade to version 2024-01

Learn More

CVSS v3.1

Base Score:	2.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2024-23824

Good to know:

Date: February 2, 2024

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?