ID
VAR-202202-0164
CVE
CVE-2022-22931
TITLE
Apache James Past traversal vulnerability in
Trust: 0.8
sources:
JVNDB: JVNDB-2022-005132
DESCRIPTION
Fix of CVE-2021-40525 do not prepend delimiters upon valid directory validations. Affected implementations include: - maildir mailbox store - Sieve file repository This enables a user to access other users data stores (limited to user names being prefixed by the value of the username being used). Apache James contains a path traversal vulnerability. This vulnerability is CVE-2021-40525 This is a vulnerability caused by an incomplete fix for.Information may be obtained
Trust: 1.71
sources:
NVD: CVE-2022-22931 //
JVNDB: JVNDB-2022-005132 //
VULMON: CVE-2022-22931
AFFECTED PRODUCTS
| vendor: | apache | model: | james | scope: | eq | version: | 3.6.1 | Trust: 1.0 |
| vendor: | apache | model: | james | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | apache | model: | james | scope: | - | version: | - | Trust: 0.8 |
sources:
JVNDB: JVNDB-2022-005132 //
NVD: CVE-2022-22931
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
VULMON: CVE-2022-22931 //
JVNDB: JVNDB-2022-005132 //
CNNVD: CNNVD-202202-539 //
NVD: CVE-2022-22931
PROBLEMTYPE DATA
| problemtype: | CWE-22 | Trust: 1.0 |
| problemtype: | Path traversal (CWE-22) [NVD evaluation ] | Trust: 0.8 |
sources:
JVNDB: JVNDB-2022-005132 //
NVD: CVE-2022-22931
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-202202-539
TYPE
path traversal
Trust: 0.6
sources:
CNNVD: CNNVD-202202-539
PATCH
| title: | CVE-2022-22931 | url: | https://lists.apache.org/thread/bp8yql4wws56jlh0vxoowj7foothsmpr | Trust: 0.8 |
| title: | Apache James Repair measures for path traversal vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=182160 | Trust: 0.6 |
| title: | CVE-2022-XXXX | url: | https://github.com/AlphabugX/CVE-2022-23305 | Trust: 0.1 |
| title: | CVE-2022-XXXX | url: | https://github.com/AlphabugX/CVE-2022-RCE | Trust: 0.1 |
sources:
VULMON: CVE-2022-22931 //
JVNDB: JVNDB-2022-005132 //
CNNVD: CNNVD-202202-539
EXTERNAL IDS
| db: | NVD | id: | CVE-2022-22931 | Trust: 3.3 |
| db: | OPENWALL | id: | OSS-SECURITY/2022/02/07/1 | Trust: 2.5 |
| db: | JVNDB | id: | JVNDB-2022-005132 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-202202-539 | Trust: 0.6 |
| db: | VULMON | id: | CVE-2022-22931 | Trust: 0.1 |
sources:
VULMON: CVE-2022-22931 //
JVNDB: JVNDB-2022-005132 //
CNNVD: CNNVD-202202-539 //
NVD: CVE-2022-22931
REFERENCES
| url: | https://www.openwall.com/lists/oss-security/2022/02/07/1 | Trust: 2.5 |
| url: | https://lists.apache.org/thread/bp8yql4wws56jlh0vxoowj7foothsmpr | Trust: 1.7 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2022-22931 | Trust: 1.4 |
| url: | https://cwe.mitre.org/data/definitions/22.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
| url: | https://github.com/alphabugx/cve-2022-23305 | Trust: 0.1 |
sources:
VULMON: CVE-2022-22931 //
JVNDB: JVNDB-2022-005132 //
CNNVD: CNNVD-202202-539 //
NVD: CVE-2022-22931
SOURCES
| db: | VULMON | id: | CVE-2022-22931 |
| db: | JVNDB | id: | JVNDB-2022-005132 |
| db: | CNNVD | id: | CNNVD-202202-539 |
| db: | NVD | id: | CVE-2022-22931 |
LAST UPDATE DATE
2024-11-23T22:05:04.378000+00:00
SOURCES UPDATE DATE
| db: | VULMON | id: | CVE-2022-22931 | date: | 2022-02-15T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-005132 | date: | 2023-05-19T02:38:00 |
| db: | CNNVD | id: | CNNVD-202202-539 | date: | 2022-02-18T00:00:00 |
| db: | NVD | id: | CVE-2022-22931 | date: | 2024-11-21T06:47:38.117 |
SOURCES RELEASE DATE
| db: | VULMON | id: | CVE-2022-22931 | date: | 2022-02-07T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-005132 | date: | 2023-05-19T00:00:00 |
| db: | CNNVD | id: | CNNVD-202202-539 | date: | 2022-02-07T00:00:00 |
| db: | NVD | id: | CVE-2022-22931 | date: | 2022-02-07T19:15:08.300 |