Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Mailcow Docker Container Exposure to Local Network
Vulnerability Description
mailcow is a dockerized email package, with multiple containers linked in one bridged network. A security vulnerability has been identified in mailcow affecting versions < 2024-01c. This vulnerability potentially allows attackers on the same subnet to connect to exposed ports of a Docker container, even when the port is bound to 127.0.0.1. The vulnerability has been addressed by implementing additional iptables/nftables rules. These rules drop packets for Docker containers on ports 3306, 6379, 8983, and 12345, where the input interface is not `br-mailcow` and the output interface is `br-mailcow`.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
资源在另一范围的外部可控制索引
Vulnerability Title
mailcow 安全漏洞
Vulnerability Description
mailcow是一个邮件服务器套件。 mailcow 2024-01c之前版本存在安全漏洞,该漏洞源于允许同一子网上的攻击者连接到 Docker 容器的公开端口。
CVSS Information
N/A
Vulnerability Type
N/A