{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-3195","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2024-04-02T14:22:48.769Z","datePublished":"2024-04-29T06:22:42.675Z","dateUpdated":"2024-08-01T20:05:07.504Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2024-04-29T06:22:42.675Z"},"title":"MailCleaner Admin Endpoints path traversal","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-22","lang":"en","description":"CWE-22 Path Traversal"}]}],"affected":[{"vendor":"n/a","product":"MailCleaner","versions":[{"version":"2023.03.0","status":"affected"},{"version":"2023.03.1","status":"affected"},{"version":"2023.03.2","status":"affected"},{"version":"2023.03.3","status":"affected"},{"version":"2023.03.4","status":"affected"},{"version":"2023.03.5","status":"affected"},{"version":"2023.03.6","status":"affected"},{"version":"2023.03.7","status":"affected"},{"version":"2023.03.8","status":"affected"},{"version":"2023.03.9","status":"affected"},{"version":"2023.03.10","status":"affected"},{"version":"2023.03.11","status":"affected"},{"version":"2023.03.12","status":"affected"},{"version":"2023.03.13","status":"affected"},{"version":"2023.03.14","status":"affected"}],"modules":["Admin Endpoints"]}],"descriptions":[{"lang":"en","value":"A vulnerability was found in MailCleaner up to 2023.03.14. It has been classified as critical. This affects an unknown part of the component Admin Endpoints. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-262311."},{"lang":"de","value":"Es wurde eine Schwachstelle in MailCleaner bis 2023.03.14 ausgemacht. Sie wurde als kritisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Komponente Admin Endpoints. Mittels dem Manipulieren mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung. Als bestmögliche Massnahme wird Patching empfohlen."}],"metrics":[{"cvssV3_1":{"version":"3.1","baseScore":4.7,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":4.7,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":5.8,"vectorString":"AV:N/AC:L/Au:M/C:P/I:P/A:P"}}],"timeline":[{"time":"2024-04-23T00:00:00.000Z","lang":"en","value":"Countermeasure disclosed"},{"time":"2024-04-29T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2024-04-29T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2024-04-29T08:26:32.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"Michael Imfeld","type":"finder"},{"lang":"en","value":"Pascal Zenker","type":"finder"}],"references":[{"url":"https://vuldb.com/?id.262311","name":"VDB-262311 | MailCleaner Admin Endpoints path traversal","tags":["vdb-entry"]},{"url":"https://vuldb.com/?ctiid.262311","name":"VDB-262311 | CTI Indicators (IOB, IOC, TTP)","tags":["signature","permissions-required"]},{"url":"https://modzero.com/en/advisories/mz-24-01-mailcleaner/","tags":["related"]},{"url":"https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf","tags":["exploit"]},{"url":"https://github.com/MailCleaner/MailCleaner/pull/601","tags":["issue-tracking","patch"]}]},"adp":[{"title":"CISA ADP Vulnrichment","metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-3195","role":"CISA Coordinator","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-04-29T11:16:34.962014Z"}}}],"affected":[{"cpes":["cpe:2.3:a:mailcleaner:mailcleaner:*:*:*:*:*:*:*:*"],"vendor":"mailcleaner","product":"mailcleaner","versions":[{"status":"affected","version":"*"}],"defaultStatus":"unknown"}],"providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-04T17:33:16.869Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T20:05:07.504Z"},"title":"CVE Program Container","references":[{"url":"https://vuldb.com/?id.262311","name":"VDB-262311 | MailCleaner Admin Endpoints path traversal","tags":["vdb-entry","x_transferred"]},{"url":"https://vuldb.com/?ctiid.262311","name":"VDB-262311 | CTI Indicators (IOB, IOC, TTP)","tags":["signature","permissions-required","x_transferred"]},{"url":"https://modzero.com/en/advisories/mz-24-01-mailcleaner/","tags":["related","x_transferred"]},{"url":"https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf","tags":["exploit","x_transferred"]},{"url":"https://github.com/MailCleaner/MailCleaner/pull/601","tags":["issue-tracking","patch","x_transferred"]}]}]}}