CVE-2022-45935

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-45935

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-45935.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-45935

Aliases

GHSA-v6vp-62vc-84qw

Related

CGA-vj69-5755-v554

Published

2023-01-06T10:15:10Z

Modified

2024-09-03T04:21:11.446987Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit.

Vulnerable components includes the SMTP stack and IMAP APPEND command.

This issue affects Apache James server version 3.7.2 and prior versions.

References

https://lists.apache.org/thread/j61fo8xc1rxtofrn8vc33whx35s9cj1d

Affected packages

Git / github.com/apache/james-project

Affected ranges

Type: GIT
Repo: https://github.com/apache/james-project
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

41014d3eec695491da5b6eb1949d252c7c5ceb0f

Affected versions

Other

cassandra_migration_v1_to_v2

james-project-3.*

james-project-3.0-beta5

james-project-3.0.0

james-project-3.0.0-RC1

james-project-3.0.0-beta5

james-project-3.3.0

james-project-3.4.0

james-project-3.7.0

james-project-3.7.1

james-project-3.7.2

pre-3.*

pre-3.1.0