CVE-2017-5930
LOW EXPLOITEDOpensuse Leap < 3.0.2 - Missing Authorization
Title source: ruleDescription
The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check.
Exploits (1)
metasploit
WORKING POC
by Jan-Frederik Rieckers · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/pfadmin_set_protected_alias.rb
References (7)
Scores
CVSS v3
2.7
EPSS
0.3986
EPSS Percentile
97.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
Details
VulnCheck KEV
2022-01-26
CWE
CWE-862
Status
published
Products (3)
opensuse/leap
42.1
opensuse/leap
42.2
postfixadmin_project/postfixadmin
< 3.0.2
Published
Mar 20, 2017
Tracked Since
Feb 18, 2026