CVE-2022-22931 - Vulnerability Details - OpenCVE

Fix of CVE-2021-40525 do not prepend delimiters upon valid directory validations. Affected implementations include: - maildir mailbox store - Sieve file repository This enables a user to access other users data stores (limited to user names being prefixed by the value of the username being used).

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache	James

Configuration 1 [-]

cpe:2.3:a:apache:james:3.6.1:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://lists.apache.org/thread/bp8yql4wws56jlh0vxoowj7foothsmpr
https://www.openwall.com/lists/oss-security/2022/02/07/1

History

No history.

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2022-02-07T18:50:10

Updated: 2024-08-03T03:28:42.456Z

Reserved: 2022-01-10T00:00:00

Link: CVE-2022-22931

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-02-07T19:15:08.300

Modified: 2024-11-21T06:47:38.117

Link: CVE-2022-22931

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Apache James", "vendor": "Apache Software Foundation", "versions": [{"status": "affected", "version": "Apache James 3.6.1"}]}], "credits": [{"lang": "en", "value": "These issues were discovered and reported by GHSL team member Jaroslav Loba\u010devski"}], "descriptions": [{"lang": "en", "value": "Fix of CVE-2021-40525 do not prepend delimiters upon valid directory validations. Affected implementations include: - maildir mailbox store - Sieve file repository This enables a user to access other users data stores (limited to user names being prefixed by the value of the username being used)."}], "metrics": [{"other": {"content": {"other": "moderate"}, "type": "unknown"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-02-07T18:50:10", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://lists.apache.org/thread/bp8yql4wws56jlh0vxoowj7foothsmpr"}, {"tags": ["x_refsource_MISC"], "url": "https://www.openwall.com/lists/oss-security/2022/02/07/1"}], "source": {"discovery": "UNKNOWN"}, "title": "Path traversal in Apache James 3.6.1", "workarounds": [{"lang": "en", "value": "This had been fixed in Apache James 3.6.2."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "ID": "CVE-2022-22931", "STATE": "PUBLIC", "TITLE": "Path traversal in Apache James 3.6.1"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache James", "version": {"version_data": [{"version_affected": "=", "version_name": "Apache James", "version_value": "3.6.1"}]}}]}, "vendor_name": "Apache Software Foundation"}]}}, "credit": [{"lang": "eng", "value": "These issues were discovered and reported by GHSL team member Jaroslav Loba\u010devski"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Fix of CVE-2021-40525 do not prepend delimiters upon valid directory validations. Affected implementations include: - maildir mailbox store - Sieve file repository This enables a user to access other users data stores (limited to user names being prefixed by the value of the username being used)."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": [{"other": "moderate"}], "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}]}, "references": {"reference_data": [{"name": "https://lists.apache.org/thread/bp8yql4wws56jlh0vxoowj7foothsmpr", "refsource": "MISC", "url": "https://lists.apache.org/thread/bp8yql4wws56jlh0vxoowj7foothsmpr"}, {"name": "https://www.openwall.com/lists/oss-security/2022/02/07/1", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2022/02/07/1"}]}, "source": {"discovery": "UNKNOWN"}, "work_around": [{"lang": "en", "value": "This had been fixed in Apache James 3.6.2."}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:28:42.456Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://lists.apache.org/thread/bp8yql4wws56jlh0vxoowj7foothsmpr"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.openwall.com/lists/oss-security/2022/02/07/1"}]}]}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2022-22931", "datePublished": "2022-02-07T18:50:10", "dateReserved": "2022-01-10T00:00:00", "dateUpdated": "2024-08-03T03:28:42.456Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:james:3.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "9624C51D-A71D-44F0-96D9-1289F56AB4F9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Fix of CVE-2021-40525 do not prepend delimiters upon valid directory validations. Affected implementations include: - maildir mailbox store - Sieve file repository This enables a user to access other users data stores (limited to user names being prefixed by the value of the username being used)."}, {"lang": "es", "value": "La correcci\u00f3n de CVE-2021-40525 no antepone delimitadores a las comprobaciones de directorios. Las implementaciones afectadas incluyen: - Almac\u00e9n de buzones maildir - Repositorio de archivos Sieve Esto permite a un usuario acceder a almacenes de datos de otros usuarios (limitado a que los nombres de usuario lleven como prefijo el valor del nombre de usuario usado)"}], "id": "CVE-2022-22931", "lastModified": "2024-11-21T06:47:38.117", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-02-07T19:15:08.300", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread/bp8yql4wws56jlh0vxoowj7foothsmpr"}, {"source": "security@apache.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2022/02/07/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread/bp8yql4wws56jlh0vxoowj7foothsmpr"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2022/02/07/1"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security@apache.org", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}