<!--X-Body-Begin-->
<!--X-User-Header-->
oss-sec
mailing list archives
<!--X-User-Header-End-->
<!--X-TopPNI-->
<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
CVE-2022-22931: Path traversal in Apache James
<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->
From: Benoit Tellier <btellier () apache org>
Date: Mon, 07 Feb 2022 04:39:16 +0000
<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->
<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
Severity: moderate
Description:
The fix for CVE-2021-40525 does not prepend a path delimiter when validating that a resolved path lies within the expected directory.
Affected implementations include:
- maildir mailbox store
- Sieve file repository
This enables a user to access the data stores of other users (limited to users whose names are prefixed by the requesting
user's own username).
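The defect class the description refers to, shown as an added illustration that is not Apache James code: a string-prefix containment check without a trailing delimiter beside a hardened version that appends the delimiter. Paths and user names are constructed samples, and posixpath is used so the check stays purely lexical and runs on any OS (a production check would additionally resolve symlinks with os.path.realpath).

```python
import posixpath


def resolve(user_store: str, requested: str) -> str:
    """Join a client-supplied relative name onto the user's store directory and
    normalise it (collapses '..' and duplicate separators, no filesystem access)."""
    return posixpath.normpath(posixpath.join(user_store, requested))


def flawed_is_inside(user_store: str, requested: str) -> bool:
    """Defect class from the advisory: a bare prefix test with no delimiter.
    '/var/mail/bob2/INBOX' starts with '/var/mail/bob', so a sibling user's
    store passes the check."""
    base = posixpath.normpath(user_store)
    return resolve(user_store, requested).startswith(base)


def hardened_is_inside(user_store: str, requested: str) -> bool:
    """Accept only the store itself or paths under '<store>/' (delimiter appended),
    so a sibling directory that merely shares the name prefix is rejected."""
    base = posixpath.normpath(user_store)
    target = resolve(user_store, requested)
    return target == base or target.startswith(base + "/")


def check_cases():
    """Run both checks over constructed requests against user 'bob'.
    Returns a list of (requested, flawed_result, hardened_result) tuples."""
    store = "/var/mail/bob"          # constructed: the authenticated user's store
    requests = [
        "INBOX",                     # legitimate: inside the user's own store
        "../bob2/INBOX",             # sibling user whose name is prefixed by 'bob'
        "../alice/INBOX",            # sibling without the prefix: both checks reject
        "../../other/data",          # further up the tree: both checks reject
    ]
    return [(r, flawed_is_inside(store, r), hardened_is_inside(store, r))
            for r in requests]


if __name__ == "__main__":
    for requested, flawed, hardened in check_cases():
        print(f"{requested:<18} flawed={flawed!s:<5} hardened={hardened}")
```

Only the second case differs between the two checks, which is exactly the "usernames prefixed by the requesting user's own username" limitation the description states.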
Mitigation:
This has been fixed in Apache James 3.6.2.
Credit:
These issues were discovered and reported by GHSL team member Jaroslav Lobačevski.
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->
<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->