CVE-2022-22931
published 2022-02-07CVE-2022-22931: Fix of CVE-2021-40525 do not prepend delimiters upon valid directory validations. Affected implementations include: - maildir mailbox store - Sieve file…
medium4.3CVSS 3.1
AVNACLPRLUINSUCLINAN
Fix of CVE-2021-40525 do not prepend delimiters upon valid directory validations. Affected implementations include: - maildir mailbox store - Sieve file repository This enables a user to access other users data stores (limited to user names being prefixed by the value of the username being used).
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | james | — | — |
CVSS provenance
nvdv3.14.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
ghsa9.1CRITICAL
osv9.1CRITICAL