CVE-2022-22931

Summary

Fix of CVE-2021-40525 do not prepend delimiters upon valid directory validations. Affected implementations include: - maildir mailbox store - Sieve file repository This enables a user to access other users data stores (limited to user names being prefixed by the value of the username being used).

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache JamesApache James 3.6.1affected

Weaknesses

  • CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Workarounds

This had been fixed in Apache James 3.6.2.

ADP Enrichment

CVE Program Container

Additional References

References