{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-3195", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2024-04-02T14:22:48.769Z", "datePublished": "2024-04-29T06:22:42.675Z", "dateUpdated": "2024-08-01T20:05:07.504Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-04-29T06:22:42.675Z"}, "title": "MailCleaner Admin Endpoints path traversal", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-22", "lang": "en", "description": "CWE-22 Path Traversal"}]}], "affected": [{"vendor": "n/a", "product": "MailCleaner", "versions": [{"version": "2023.03.0", "status": "affected"}, {"version": "2023.03.1", "status": "affected"}, {"version": "2023.03.2", "status": "affected"}, {"version": "2023.03.3", "status": "affected"}, {"version": "2023.03.4", "status": "affected"}, {"version": "2023.03.5", "status": "affected"}, {"version": "2023.03.6", "status": "affected"}, {"version": "2023.03.7", "status": "affected"}, {"version": "2023.03.8", "status": "affected"}, {"version": "2023.03.9", "status": "affected"}, {"version": "2023.03.10", "status": "affected"}, {"version": "2023.03.11", "status": "affected"}, {"version": "2023.03.12", "status": "affected"}, {"version": "2023.03.13", "status": "affected"}, {"version": "2023.03.14", "status": "affected"}], "modules": ["Admin Endpoints"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in MailCleaner up to 2023.03.14. It has been classified as critical. This affects an unknown part of the component Admin Endpoints. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-262311."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in MailCleaner bis 2023.03.14 ausgemacht. Sie wurde als kritisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Komponente Admin Endpoints. Mittels dem Manipulieren mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.7, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.7, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5.8, "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P"}}], "timeline": [{"time": "2024-04-23T00:00:00.000Z", "lang": "en", "value": "Countermeasure disclosed"}, {"time": "2024-04-29T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2024-04-29T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2024-04-29T08:26:32.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Michael Imfeld", "type": "finder"}, {"lang": "en", "value": "Pascal Zenker", "type": "finder"}], "references": [{"url": "https://vuldb.com/?id.262311", "name": "VDB-262311 | MailCleaner Admin Endpoints path traversal", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.262311", "name": "VDB-262311 | CTI Indicators (IOB, IOC, TTP)", "tags": ["signature", "permissions-required"]}, {"url": "https://modzero.com/en/advisories/mz-24-01-mailcleaner/", "tags": ["related"]}, {"url": "https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf", "tags": ["exploit"]}, {"url": "https://github.com/MailCleaner/MailCleaner/pull/601", "tags": ["issue-tracking", "patch"]}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3195", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-29T11:16:34.962014Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:mailcleaner:mailcleaner:*:*:*:*:*:*:*:*"], "vendor": "mailcleaner", "product": "mailcleaner", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:33:16.869Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:05:07.504Z"}, "title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.262311", "name": "VDB-262311 | MailCleaner Admin Endpoints path traversal", "tags": ["vdb-entry", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.262311", "name": "VDB-262311 | CTI Indicators (IOB, IOC, TTP)", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://modzero.com/en/advisories/mz-24-01-mailcleaner/", "tags": ["related", "x_transferred"]}, {"url": "https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf", "tags": ["exploit", "x_transferred"]}, {"url": "https://github.com/MailCleaner/MailCleaner/pull/601", "tags": ["issue-tracking", "patch", "x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.262311", "name": "VDB-262311 | MailCleaner Admin Endpoints path traversal", "tags": ["vdb-entry", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.262311", "name": "VDB-262311 | CTI Indicators (IOB, IOC, TTP)", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://modzero.com/en/advisories/mz-24-01-mailcleaner/", "tags": ["related", "x_transferred"]}, {"url": "https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf", "tags": ["exploit", "x_transferred"]}, {"url": "https://github.com/MailCleaner/MailCleaner/pull/601", "tags": ["issue-tracking", "patch", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:05:07.504Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3195", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-29T11:16:34.962014Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:mailcleaner:mailcleaner:*:*:*:*:*:*:*:*"], "vendor": "mailcleaner", "product": "mailcleaner", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-04-29T11:18:18.444Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "MailCleaner Admin Endpoints path traversal", "credits": [{"lang": "en", "type": "finder", "value": "Michael Imfeld"}, {"lang": "en", "type": "finder", "value": "Pascal Zenker"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5.8, "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P"}}], "affected": [{"vendor": "n/a", "modules": ["Admin Endpoints"], "product": "MailCleaner", "versions": [{"status": "affected", "version": "2023.03.0"}, {"status": "affected", "version": "2023.03.1"}, {"status": "affected", "version": "2023.03.2"}, {"status": "affected", "version": "2023.03.3"}, {"status": "affected", "version": "2023.03.4"}, {"status": "affected", "version": "2023.03.5"}, {"status": "affected", "version": "2023.03.6"}, {"status": "affected", "version": "2023.03.7"}, {"status": "affected", "version": "2023.03.8"}, {"status": "affected", "version": "2023.03.9"}, {"status": "affected", "version": "2023.03.10"}, {"status": "affected", "version": "2023.03.11"}, {"status": "affected", "version": "2023.03.12"}, {"status": "affected", "version": "2023.03.13"}, {"status": "affected", "version": "2023.03.14"}]}], "timeline": [{"lang": "en", "time": "2024-04-23T00:00:00.000Z", "value": "Countermeasure disclosed"}, {"lang": "en", "time": "2024-04-29T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2024-04-29T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2024-04-29T08:26:32.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.262311", "name": "VDB-262311 | MailCleaner Admin Endpoints path traversal", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.262311", "name": "VDB-262311 | CTI Indicators (IOB, IOC, TTP)", "tags": ["signature", "permissions-required"]}, {"url": "https://modzero.com/en/advisories/mz-24-01-mailcleaner/", "tags": ["related"]}, {"url": "https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf", "tags": ["exploit"]}, {"url": "https://github.com/MailCleaner/MailCleaner/pull/601", "tags": ["issue-tracking", "patch"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in MailCleaner up to 2023.03.14. It has been classified as critical. This affects an unknown part of the component Admin Endpoints. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-262311."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in MailCleaner bis 2023.03.14 ausgemacht. Sie wurde als kritisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Komponente Admin Endpoints. Mittels dem Manipulieren mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Path Traversal"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-04-29T06:22:42.675Z"}}}, "cveMetadata": {"cveId": "CVE-2024-3195", "state": "PUBLISHED", "dateUpdated": "2024-08-01T20:05:07.504Z", "dateReserved": "2024-04-02T14:22:48.769Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2024-04-29T06:22:42.675Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mailcleaner:mailcleaner:*:*:*:*:community:*:*:*", "matchCriteriaId": "35777107-4DDB-468B-9E78-A534A93A3768", "versionEndIncluding": "2023.03.14", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in MailCleaner up to 2023.03.14. It has been classified as critical. This affects an unknown part of the component Admin Endpoints. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-262311."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en MailCleaner hasta 2023.03.14. Ha sido clasificada como cr\u00edtica. Una parte desconocida del componente Admin Endpoints afecta a una parte desconocida. La manipulaci\u00f3n conduce al recorrido del camino. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. Se recomienda aplicar un parche para solucionar este problema. El identificador asociado de esta vulnerabilidad es VDB-262311."}], "id": "CVE-2024-3195", "lastModified": "2025-03-21T17:14:03.730", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "MULTIPLE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-04-29T07:15:08.400", "references": [{"source": "cna@vuldb.com", "tags": ["Issue Tracking"], "url": "https://github.com/MailCleaner/MailCleaner/pull/601"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://modzero.com/en/advisories/mz-24-01-mailcleaner/"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.262311"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.262311"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://github.com/MailCleaner/MailCleaner/pull/601"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://modzero.com/en/advisories/mz-24-01-mailcleaner/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.262311"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.262311"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{}