CVE-2022-24732
low-risk
Published 2022-03-09
Maddy Mail Server is an open source SMTP compatible email server. Versions of maddy prior to 0.5.4 do not implement password expiry or account expiry checking when authenticating using PAM. Users are advised to upgrade. Users unable to upgrade should manually remove expired accounts via existing filtering mechanisms.
Do I need to act?
-
0.13% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.3/10
Medium
NETWORK
/ LOW complexity
Affected Products (1)
Maddy
Affected Vendors
References (4)
Third Party Advisory
https://github.com/foxcpp/maddy/security/advisories/GHSA-6cp7-g972-w9m9
Third Party Advisory
https://github.com/foxcpp/maddy/security/advisories/GHSA-6cp7-g972-w9m9
29
/ 100
low-risk
Severity
23/34 · High
Exploitability
1/34 · Minimal
Exposure
5/34 · Minimal