{"containers": {"cna": {"affected": [{"product": "maddy", "vendor": "foxcpp", "versions": [{"status": "affected", "version": "< 0.5.4"}]}], "descriptions": [{"lang": "en", "value": "Maddy Mail Server is an open source SMTP compatible email server. Versions of maddy prior to 0.5.4 do not implement password expiry or account expiry checking when authenticating using PAM. Users are advised to upgrade. Users unable to upgrade should manually remove expired accounts via existing filtering mechanisms."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-613", "description": "CWE-613: Insufficient Session Expiration", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-324", "description": "CWE-324: Use of a Key Past its Expiration Date", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-03-09T19:40:08.000Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/foxcpp/maddy/security/advisories/GHSA-6cp7-g972-w9m9"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/foxcpp/maddy/commit/7ee6a39c6a1939b376545f030a5efd6f90913583"}], "source": {"advisory": "GHSA-6cp7-g972-w9m9", "discovery": "UNKNOWN"}, "title": "Maddy Mail Server does not implement account expiry", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-24732", "STATE": "PUBLIC", "TITLE": "Maddy Mail Server does not implement account expiry"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "maddy", "version": {"version_data": [{"version_value": "< 0.5.4"}]}}]}, "vendor_name": "foxcpp"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Maddy Mail Server is an open source SMTP compatible email server. Versions of maddy prior to 0.5.4 do not implement password expiry or account expiry checking when authenticating using PAM. Users are advised to upgrade. Users unable to upgrade should manually remove expired accounts via existing filtering mechanisms."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-613: Insufficient Session Expiration"}]}, {"description": [{"lang": "eng", "value": "CWE-324: Use of a Key Past its Expiration Date"}]}]}, "references": {"reference_data": [{"name": "https://github.com/foxcpp/maddy/security/advisories/GHSA-6cp7-g972-w9m9", "refsource": "CONFIRM", "url": "https://github.com/foxcpp/maddy/security/advisories/GHSA-6cp7-g972-w9m9"}, {"name": "https://github.com/foxcpp/maddy/commit/7ee6a39c6a1939b376545f030a5efd6f90913583", "refsource": "MISC", "url": "https://github.com/foxcpp/maddy/commit/7ee6a39c6a1939b376545f030a5efd6f90913583"}]}, "source": {"advisory": "GHSA-6cp7-g972-w9m9", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T04:20:49.847Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/foxcpp/maddy/security/advisories/GHSA-6cp7-g972-w9m9"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/foxcpp/maddy/commit/7ee6a39c6a1939b376545f030a5efd6f90913583"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-23T14:09:25.376848Z", "id": "CVE-2022-24732", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-23T18:56:33.643Z"}}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-24732", "datePublished": "2022-03-09T19:40:08.000Z", "dateReserved": "2022-02-10T00:00:00.000Z", "dateUpdated": "2025-04-23T18:56:33.643Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/foxcpp/maddy/security/advisories/GHSA-6cp7-g972-w9m9", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/foxcpp/maddy/commit/7ee6a39c6a1939b376545f030a5efd6f90913583", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T04:20:49.847Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-24732", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-23T14:09:25.376848Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-23T14:09:26.599Z"}}], "cna": {"title": "Maddy Mail Server does not implement account expiry", "source": {"advisory": "GHSA-6cp7-g972-w9m9", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "foxcpp", "product": "maddy", "versions": [{"status": "affected", "version": "< 0.5.4"}]}], "references": [{"url": "https://github.com/foxcpp/maddy/security/advisories/GHSA-6cp7-g972-w9m9", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/foxcpp/maddy/commit/7ee6a39c6a1939b376545f030a5efd6f90913583", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Maddy Mail Server is an open source SMTP compatible email server. Versions of maddy prior to 0.5.4 do not implement password expiry or account expiry checking when authenticating using PAM. Users are advised to upgrade. Users unable to upgrade should manually remove expired accounts via existing filtering mechanisms."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-613", "description": "CWE-613: Insufficient Session Expiration"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-324", "description": "CWE-324: Use of a Key Past its Expiration Date"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2022-03-09T19:40:08.000Z"}, "x_legacyV4Record": {"impact": {"cvss": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, "source": {"advisory": "GHSA-6cp7-g972-w9m9", "discovery": "UNKNOWN"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "< 0.5.4"}]}, "product_name": "maddy"}]}, "vendor_name": "foxcpp"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/foxcpp/maddy/security/advisories/GHSA-6cp7-g972-w9m9", "name": "https://github.com/foxcpp/maddy/security/advisories/GHSA-6cp7-g972-w9m9", "refsource": "CONFIRM"}, {"url": "https://github.com/foxcpp/maddy/commit/7ee6a39c6a1939b376545f030a5efd6f90913583", "name": "https://github.com/foxcpp/maddy/commit/7ee6a39c6a1939b376545f030a5efd6f90913583", "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "Maddy Mail Server is an open source SMTP compatible email server. Versions of maddy prior to 0.5.4 do not implement password expiry or account expiry checking when authenticating using PAM. Users are advised to upgrade. Users unable to upgrade should manually remove expired accounts via existing filtering mechanisms."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-613: Insufficient Session Expiration"}]}, {"description": [{"lang": "eng", "value": "CWE-324: Use of a Key Past its Expiration Date"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-24732", "STATE": "PUBLIC", "TITLE": "Maddy Mail Server does not implement account expiry", "ASSIGNER": "security-advisories@github.com"}}}}, "cveMetadata": {"cveId": "CVE-2022-24732", "state": "PUBLISHED", "dateUpdated": "2025-04-23T18:56:33.643Z", "dateReserved": "2022-02-10T00:00:00.000Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2022-03-09T19:40:08.000Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:maddy_project:maddy:*:*:*:*:*:*:*:*", "matchCriteriaId": "F116C241-39C7-4E8A-8776-5961385A8E94", "versionEndExcluding": "0.5.4", "versionStartIncluding": "0.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Maddy Mail Server is an open source SMTP compatible email server. Versions of maddy prior to 0.5.4 do not implement password expiry or account expiry checking when authenticating using PAM. Users are advised to upgrade. Users unable to upgrade should manually remove expired accounts via existing filtering mechanisms."}, {"lang": "es", "value": "Maddy Mail Server es un servidor de correo electr\u00f3nico de c\u00f3digo abierto compatible con SMTP. Las versiones de maddy anteriores a 0.5.4, no implementan la comprobaci\u00f3n de la caducidad de la contrase\u00f1a o de la cuenta cuando es autenticado usando PAM. Es recomendado a usuarios actualizar. Los usuarios que no puedan actualizarse deber\u00e1n eliminar manualmente las cuentas caducadas por medio de los mecanismos de filtrado existentes"}], "id": "CVE-2022-24732", "lastModified": "2024-11-21T06:50:58.420", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-03-09T20:15:08.623", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/foxcpp/maddy/commit/7ee6a39c6a1939b376545f030a5efd6f90913583"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/foxcpp/maddy/security/advisories/GHSA-6cp7-g972-w9m9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/foxcpp/maddy/commit/7ee6a39c6a1939b376545f030a5efd6f90913583"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/foxcpp/maddy/security/advisories/GHSA-6cp7-g972-w9m9"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-324"}, {"lang": "en", "value": "CWE-613"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{}