mailcow-dockerized critical information misrepresentation can lead to phishing attacks through Swagger UI

mailcow is a mailserver suite. A vulnerability innversions prior to 2022-09 allows an attacker to craft a custom Swagger API template to spoof Authorize links. This could redirect a victim to an attacker controller place to steal Swagger authorization credentials or create a phishing page to steal other information. The issue has been fixed with the 2022-09 mailcow Mootember Update. As a workaround, one may delete the Swapper API Documentation from their e-mail server.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

关键信息的UI错误表达

mailcow 输入验证错误漏洞

mailcow是一个邮件服务器套件。 mailcow 2022-09之前版本存在安全漏洞，该漏洞源于允许攻击者制作自定义Swagger API模板来欺骗授权链接，这可能会将受害者重定向到攻击者控制器指定位置，以窃取Swagger授权凭据或创建网络钓鱼页面以窃取其他信息。

N/A

N/A