Re-moo-te Code Execution in Mailcow: Always Sanitize Error Messages
Mailcow is an easy-to-use email solution that bundles SMTP, IMAP and POP3 servers, a webmail client, and more. However, two vulnerabilities were found in it: a cross-site scripting (XSS) flaw in the admin panel (CVE-2024-31204) and an arbitrary file overwrite (CVE-2024-30270). Chained together, they allow a Mailcow instance to be taken over by a single email viewed by an admin. The Mailcow team fixed both issues in version 2024-04; the case highlights the importance of defense in depth and of using tools like SonarCloud to flag potential vulnerabilities early on.
Company
Sonar
Date published
June 17, 2024
Author(s)
Paul Gerste
Word count
1978
Language
English
Hacker News points
None found.