x/vulndb: potential Go vuln in github.com/foxcpp/maddy: CVE-2023-27582 #1630
Labels
excluded: EFFECTIVELY_PRIVATE
This vulnerability exists in a package that can be imported, but isn't meant to be outside that module.
Comments
jba added the excluded: EFFECTIVELY_PRIVATE label Mar 15, 2023
Change https://go.dev/cl/592760 mentions this issue: |
Change https://go.dev/cl/606783 mentions this issue: |
gopherbot pushed a commit that referenced this issue Aug 20, 2024
- data/reports/GO-2023-1590.yaml
- data/reports/GO-2023-1592.yaml
- data/reports/GO-2023-1596.yaml
- data/reports/GO-2023-1607.yaml
- data/reports/GO-2023-1612.yaml
- data/reports/GO-2023-1613.yaml
- data/reports/GO-2023-1614.yaml
- data/reports/GO-2023-1615.yaml
- data/reports/GO-2023-1616.yaml
- data/reports/GO-2023-1617.yaml
- data/reports/GO-2023-1618.yaml
- data/reports/GO-2023-1619.yaml
- data/reports/GO-2023-1620.yaml
- data/reports/GO-2023-1622.yaml
- data/reports/GO-2023-1627.yaml
- data/reports/GO-2023-1628.yaml
- data/reports/GO-2023-1629.yaml
- data/reports/GO-2023-1630.yaml
- data/reports/GO-2023-1633.yaml
- data/reports/GO-2023-1639.yaml

Updates #1590
Updates #1592
Updates #1596
Updates #1607
Updates #1612
Updates #1613
Updates #1614
Updates #1615
Updates #1616
Updates #1617
Updates #1618
Updates #1619
Updates #1620
Updates #1622
Updates #1627
Updates #1628
Updates #1629
Updates #1630
Updates #1633
Updates #1639

Change-Id: I2441a82107b88955ddb98c7d3c55b7b2fe3e3aa7
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/606783
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Damien Neil <dneil@google.com>
Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
CVE-2023-27582 references github.com/foxcpp/maddy, which may be a Go module.
Description:
maddy is a composable, all-in-one mail server. Starting with version 0.2.0 and prior to version 0.6.3, maddy allows a full authentication bypass if SASL authorization username is specified when using the PLAIN authentication mechanisms. Instead of validating the specified username, it is accepted as is after checking the credentials for the authentication username. maddy 0.6.3 includes the fix for the bug. There are no known workarounds.
References:
Cross references:
See doc/triage.md for instructions on how to triage this report.
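
The class of flaw in the description above, as an added Go example that is not maddy's code and not part of the original report: a SASL PLAIN response (RFC 4616) carries an authorization identity, an authentication identity and a password, and the check must not trust the first after verifying only the other two. The names `users`, `verify`, `sessionUserFlawed` and `sessionUserStrict` are hypothetical, and the credentials are constructed sample values.

```go
package main

import (
	"bytes"
	"crypto/subtle"
	"errors"
	"fmt"
)

var users = map[string]string{"alice": "alice-pw", "postmaster": "postmaster-pw"} // constructed, hypothetical store

// verify parses "authzid NUL authcid NUL passwd" and checks the password of authcid only.
func verify(resp []byte) (authzid, authcid string, err error) {
	p := bytes.Split(resp, []byte{0})
	if len(p) != 3 || len(p[1]) == 0 {
		return "", "", errors.New("malformed PLAIN response")
	}
	want, ok := users[string(p[1])]
	if !ok || subtle.ConstantTimeCompare([]byte(want), p[2]) != 1 {
		return "", "", errors.New("invalid credentials")
	}
	return string(p[0]), string(p[1]), nil
}

// sessionUserFlawed accepts a non-empty authzid as the session identity without validating it.
func sessionUserFlawed(resp []byte) (string, error) {
	authzid, authcid, err := verify(resp)
	if err != nil || authzid == "" {
		return authcid, err
	}
	return authzid, nil
}

// sessionUserStrict rejects any authzid that differs from the verified authcid.
func sessionUserStrict(resp []byte) (string, error) {
	authzid, authcid, err := verify(resp)
	if err != nil {
		return "", err
	}
	if authzid != "" && authzid != authcid {
		return "", errors.New("authorization identity not permitted")
	}
	return authcid, nil
}

func main() {
	resp := []byte("postmaster\x00alice\x00alice-pw") // constructed sample response
	fmt.Println(sessionUserFlawed(resp))              // session identity differs from the verified user
	fmt.Println(sessionUserStrict(resp))              // rejected
}
```

A server that needs real proxy authorization would replace the equality test with an explicit policy lookup for the (authcid, authzid) pair; rejecting mismatches is the conservative default.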