What is CVE-2022-39258?

CVE-2022-39258 is a high-severity vulnerability in Mailcow Mailcow-dockerized, classified under User Interface (UI) Misrepresentation of Critical Information. CVSS score: 8.1/10. Published 2022-09-27.

How severe is CVE-2022-39258?

High severity. CVSS v3 base score is 8.1 out of 10.

Is CVE-2022-39258 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Information disclosure in Mailcow Mailcow-dockerized

CVE-2022-39258

mailcow is a mailserver suite. A vulnerability innversions prior to 2022-09 allows an attacker to craft a custom Swagger API template to spoof Authorize links. This could redirect a victim to an attacker controller place to steal Swagger a…

EPSS: 0.003 (50.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.1 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N.

Affected products

Mailcow Mailcow-dockerized — versions < 2022-09

Weakness classification (CWE)

Public proof-of-concept exploits

karimhabush/cyberowl

References

github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-vjgf-cp5p-wm45 (x_refsource_CONFIRM)
github.com/mailcow/mailcow-dockerized/pull/4766 (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-39258?: CVE-2022-39258 is a high-severity vulnerability in Mailcow Mailcow-dockerized, classified under User Interface (UI) Misrepresentation of Critical Information. CVSS score: 8.1/10. Published 2022-09-27.
How severe is CVE-2022-39258?: High severity. CVSS v3 base score is 8.1 out of 10.
Is CVE-2022-39258 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.