漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
mailcow: dockerized missing authorization on Forwarding Hosts delete action
Vulnerability Description
mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, no administrator verification takes place when deleting Forwarding Hosts with `/api/v1/delete/fwdhost`. Any authenticated user can call this API. Checks are only applied for edit/add actions, but deletion can still significantly disrupt the mail service. Version 2026-03b fixes the vulnerability.
CVSS Information
N/A
Vulnerability Type
访问控制不恰当
Vulnerability Title
mailcow: dockerized 访问控制错误漏洞
Vulnerability Description
mailcow: dockerized是mailcow开源的一个docker化的mailcow应用软件。 mailcow: dockerized 2026-03b之前版本存在访问控制错误漏洞,该漏洞源于删除转发主机时未进行管理员验证,可能导致任何经过身份验证的用户调用此API并严重破坏邮件服务。
CVSS Information
N/A
Vulnerability Type
N/A