← Back

CVE-2017-5930

nvd nist
Published: Mar 20, 2017Modified: May 13, 2026

JSON object

Loading...
2.7
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
Exploitability: 1.2 / Impact: 1.4
Source: NVD

Description

The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check.

Affected (3)

Opensuse
1 product
Leap
Postfixadmin Project
1 product
Postfixadmin
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Opensuse
Leap
Version 42.1
Leap
Version 42.2
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Postfixadmin
Before 3.0.2

Related CWEs

CWE-862
Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (14)

Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Mailing ListThird Party Advisory
Source: secalert@redhat.com
Mailing ListThird Party Advisory
Source: secalert@redhat.com
Third Party AdvisoryVDB EntryVendor Advisory
Source: secalert@redhat.com
Release NotesThird Party Advisory
Source: secalert@redhat.com
PatchThird Party Advisory
Source: secalert@redhat.com
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB EntryVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory

Timeline

No history available yet.