CVE-2022-24732
First published: Wed Mar 09 2022(Updated: )
Maddy Mail Server is an open source SMTP compatible email server. Versions of maddy prior to 0.5.4 do not implement password expiry or account expiry checking when authenticating using PAM. Users are advised to upgrade. Users unable to upgrade should manually remove expired accounts via existing filtering mechanisms.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Maddy Project Maddy | >=0.5.0<0.5.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-24732?
CVE-2022-24732 is a vulnerability in the Maddy Mail Server that allows authentication without password or account expiry checking when using PAM.
What is the severity of CVE-2022-24732?
CVE-2022-24732 has a severity rating of high (8.8).
How can I fix CVE-2022-24732?
To fix CVE-2022-24732, users are advised to upgrade their Maddy Mail Server to version 0.5.4 or higher.
What can I do if I am unable to upgrade Maddy Mail Server to version 0.5.4?
If you are unable to upgrade Maddy Mail Server to version 0.5.4, you should manually remove expired accounts via existing filtering mechanisms.
Where can I find more information about CVE-2022-24732?
You can find more information about CVE-2022-24732 in the GitHub commit (https://github.com/foxcpp/maddy/commit/7ee6a39c6a1939b376545f030a5efd6f90913583) and the GitHub security advisory (https://github.com/foxcpp/maddy/security/advisories/GHSA-6cp7-g972-w9m9).
- collector/nvd-index
- vendor/maddy project
- canonical/maddy project maddy
- version/maddy project maddy/0.5.0