CVE-2022-22931 - OpenCVE

Fix of CVE-2021-40525 do not prepend delimiters upon valid directory validations. Affected implementations include: - maildir mailbox store - Sieve file repository This enables a user to access other users data stores (limited to user names being prefixed by the value of the username being used).

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Apache	James

Configuration 1 [-]

cpe:2.3:a:apache:james:3.6.1:*:*:*:*:*:*:*

References

Link	Resource
https://lists.apache.org/thread/bp8yql4wws56jlh0vxoowj7foothsmpr	Mailing List Vendor Advisory
https://www.openwall.com/lists/oss-security/2022/02/07/1	Mailing List Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: apache

Published: 2022-02-07T18:50:10

Updated: 2022-02-07T18:50:10

Reserved: 2022-01-10T00:00:00

Link: CVE-2022-22931

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-02-07T19:15:08.300

Modified: 2022-02-15T20:33:49.447

Link: CVE-2022-22931

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"containers": {"cna": {"affected": [{"product": "Apache James", "vendor": "Apache Software Foundation", "versions": [{"status": "affected", "version": "Apache James 3.6.1"}]}], "credits": [{"lang": "en", "value": "These issues were discovered and reported by GHSL team member Jaroslav Loba\u010devski"}], "descriptions": [{"lang": "en", "value": "Fix of CVE-2021-40525 do not prepend delimiters upon valid directory validations. Affected implementations include: - maildir mailbox store - Sieve file repository This enables a user to access other users data stores (limited to user names being prefixed by the value of the username being used)."}], "metrics": [{"other": {"content": {"other": "moderate"}, "type": "unknown"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-02-07T18:50:10", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://lists.apache.org/thread/bp8yql4wws56jlh0vxoowj7foothsmpr"}, {"tags": ["x_refsource_MISC"], "url": "https://www.openwall.com/lists/oss-security/2022/02/07/1"}], "source": {"discovery": "UNKNOWN"}, "title": "Path traversal in Apache James 3.6.1", "workarounds": [{"lang": "en", "value": "This had been fixed in Apache James 3.6.2."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "ID": "CVE-2022-22931", "STATE": "PUBLIC", "TITLE": "Path traversal in Apache James 3.6.1"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache James", "version": {"version_data": [{"version_affected": "=", "version_name": "Apache James", "version_value": "3.6.1"}]}}]}, "vendor_name": "Apache Software Foundation"}]}}, "credit": [{"lang": "eng", "value": "These issues were discovered and reported by GHSL team member Jaroslav Loba\u010devski"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Fix of CVE-2021-40525 do not prepend delimiters upon valid directory validations. Affected implementations include: - maildir mailbox store - Sieve file repository This enables a user to access other users data stores (limited to user names being prefixed by the value of the username being used)."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": [{"other": "moderate"}], "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}]}, "references": {"reference_data": [{"name": "https://lists.apache.org/thread/bp8yql4wws56jlh0vxoowj7foothsmpr", "refsource": "MISC", "url": "https://lists.apache.org/thread/bp8yql4wws56jlh0vxoowj7foothsmpr"}, {"name": "https://www.openwall.com/lists/oss-security/2022/02/07/1", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2022/02/07/1"}]}, "source": {"discovery": "UNKNOWN"}, "work_around": [{"lang": "en", "value": "This had been fixed in Apache James 3.6.2."}]}}}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2022-22931", "datePublished": "2022-02-07T18:50:10", "dateReserved": "2022-01-10T00:00:00", "dateUpdated": "2022-02-07T18:50:10", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:james:3.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "9624C51D-A71D-44F0-96D9-1289F56AB4F9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Fix of CVE-2021-40525 do not prepend delimiters upon valid directory validations. Affected implementations include: - maildir mailbox store - Sieve file repository This enables a user to access other users data stores (limited to user names being prefixed by the value of the username being used)."}, {"lang": "es", "value": "La correcci\u00f3n de CVE-2021-40525 no antepone delimitadores a las comprobaciones de directorios. Las implementaciones afectadas incluyen: - Almac\u00e9n de buzones maildir - Repositorio de archivos Sieve Esto permite a un usuario acceder a almacenes de datos de otros usuarios (limitado a que los nombres de usuario lleven como prefijo el valor del nombre de usuario usado)"}], "id": "CVE-2022-22931", "lastModified": "2022-02-15T20:33:49.447", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-02-07T19:15:08.300", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread/bp8yql4wws56jlh0vxoowj7foothsmpr"}, {"source": "security@apache.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2022/02/07/1"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "security@apache.org", "type": "Secondary"}]}