CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35187 – Stalwart Mail Server has privilege escalation by design
https://notcve.org/view.php?id=CVE-2024-35187
16 May 2024 — Stalwart Mail Server is an open-source mail server. Prior to version 0.8.0, attackers who achieved Arbitrary Code Execution as the stalwart-mail user (including web interface admins) can gain complete root access to the system. Usually, system services are run as a separate user (not as root) to isolate an attacker with Arbitrary Code Execution to the current service. Therefore, other system services and the system itself remains protected in case of a successful attack. stalwart-mail runs as a separate use... • https://github.com/stalwartlabs/mail-server/security/advisories/GHSA-rwp5-f854-ppg6 • CWE-863: Incorrect Authorization •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35179 – Unprivileged Stalwart Mail Server user can read files as root
https://notcve.org/view.php?id=CVE-2024-35179
15 May 2024 — Stalwart Mail Server is an open-source mail server. Prior to version 0.8.0, when using `RUN_AS_USER`, the specified user (and therefore, web interface admins) can read arbitrary files as root. This issue affects admins who have set up to run stalwart with `RUN_AS_USER` who handed out admin credentials to the mail server but expect these to only grant access according to the `RUN_AS_USER` and are attacked where the attackers managed to achieve Arbitrary Code Execution using another vulnerability. Version 0.8... • https://github.com/stalwartlabs/mail-server/security/advisories/GHSA-5pfx-j27j-4c6h • CWE-271: Privilege Dropping / Lowering Errors •