{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-3191","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2024-04-02T14:22:37.552Z","datePublished":"2024-04-29T06:21:47.288Z","dateUpdated":"2024-08-27T17:34:56.094Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2024-04-29T06:21:47.288Z"},"title":"MailCleaner Email os command injection","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-78","lang":"en","description":"CWE-78 OS Command Injection"}]}],"affected":[{"vendor":"n/a","product":"MailCleaner","versions":[{"version":"2023.03.0","status":"affected"},{"version":"2023.03.1","status":"affected"},{"version":"2023.03.2","status":"affected"},{"version":"2023.03.3","status":"affected"},{"version":"2023.03.4","status":"affected"},{"version":"2023.03.5","status":"affected"},{"version":"2023.03.6","status":"affected"},{"version":"2023.03.7","status":"affected"},{"version":"2023.03.8","status":"affected"},{"version":"2023.03.9","status":"affected"},{"version":"2023.03.10","status":"affected"},{"version":"2023.03.11","status":"affected"},{"version":"2023.03.12","status":"affected"},{"version":"2023.03.13","status":"affected"},{"version":"2023.03.14","status":"affected"}],"modules":["Email Handler"]}],"descriptions":[{"lang":"en","value":"A vulnerability, which was classified as critical, has been found in MailCleaner up to 2023.03.14. This issue affects some unknown processing of the component Email Handler. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-262307."},{"lang":"de","value":"Eine Schwachstelle wurde in MailCleaner bis 2023.03.14 entdeckt. Sie wurde als kritisch eingestuft. Dies betrifft einen unbekannten Teil der Komponente Email Handler. Dank Manipulation mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung. Als bestmögliche Massnahme wird Patching empfohlen."}],"metrics":[{"cvssV3_1":{"version":"3.1","baseScore":9.8,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseSeverity":"CRITICAL"}},{"cvssV3_0":{"version":"3.0","baseScore":9.8,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseSeverity":"CRITICAL"}},{"cvssV2_0":{"version":"2.0","baseScore":10,"vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C"}}],"timeline":[{"time":"2024-04-23T00:00:00.000Z","lang":"en","value":"Countermeasure disclosed"},{"time":"2024-04-29T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2024-04-29T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2024-04-29T08:26:26.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"Michael Imfeld","type":"finder"},{"lang":"en","value":"Pascal Zenker","type":"finder"}],"references":[{"url":"https://vuldb.com/?id.262307","name":"VDB-262307 | MailCleaner Email os command injection","tags":["vdb-entry"]},{"url":"https://vuldb.com/?ctiid.262307","name":"VDB-262307 | CTI Indicators (IOB, IOC, TTP)","tags":["signature","permissions-required"]},{"url":"https://modzero.com/en/advisories/mz-24-01-mailcleaner/","tags":["related"]},{"url":"https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf","tags":["exploit"]},{"url":"https://github.com/MailCleaner/MailCleaner/pull/601","tags":["issue-tracking","patch"]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T20:05:07.514Z"},"title":"CVE Program Container","references":[{"url":"https://vuldb.com/?id.262307","name":"VDB-262307 | MailCleaner Email os command injection","tags":["vdb-entry","x_transferred"]},{"url":"https://vuldb.com/?ctiid.262307","name":"VDB-262307 | CTI Indicators (IOB, IOC, TTP)","tags":["signature","permissions-required","x_transferred"]},{"url":"https://modzero.com/en/advisories/mz-24-01-mailcleaner/","tags":["related","x_transferred"]},{"url":"https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf","tags":["exploit","x_transferred"]},{"url":"https://github.com/MailCleaner/MailCleaner/pull/601","tags":["issue-tracking","patch","x_transferred"]}]},{"affected":[{"vendor":"mailcleaner","product":"mailcleaner","cpes":["cpe:2.3:a:mailcleaner:mailcleaner:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"2023.03.0","status":"affected"},{"version":"2023.03.1","status":"affected"},{"version":"2023.03.2","status":"affected"},{"version":"2023.03.3","status":"affected"},{"version":"2023.03.4","status":"affected"},{"version":"2023.03.5","status":"affected"},{"version":"2023.03.6","status":"affected"},{"version":"2023.03.7","status":"affected"},{"version":"2023.03.8","status":"affected"},{"version":"2023.03.9","status":"affected"},{"version":"2023.03.10","status":"affected"},{"version":"2023.03.11","status":"affected"},{"version":"2023.03.12","status":"affected"},{"version":"2023.03.13","status":"affected"},{"version":"2023.03.14","status":"affected"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-04-30T13:41:22.311410Z","id":"CVE-2024-3191","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-08-27T17:34:56.094Z"}}]}}