Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Bulwark Webmail: Authentication Bypass in verifyIdentity() due to missing cookie validation
Vulnerability Description
Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to version 1.4.10, the verifyIdentity() function contained logic that returned true if no session cookies were present. This allowed unauthenticated attackers to bypass security checks and access/modify user settings via the /api/settings endpoint by providing arbitrary headers. This issue has been patched in version 1.4.10.
CVSS Information
N/A
Vulnerability Type
认证机制不恰当
Vulnerability Title
Bulwark Webmail 授权问题漏洞
Vulnerability Description
Bulwark Webmail是Bulwark Mail开源的一个自托管网页邮件客户端。 Bulwark Webmail 1.4.10之前版本存在授权问题漏洞,该漏洞源于verifyIdentity函数在无会话Cookie时返回true的逻辑问题,可能导致未经验证的攻击者绕过安全检查。
CVSS Information
N/A
Vulnerability Type
N/A