GHSA-v6vp-62vc-84qw

Source

https://github.com/advisories/GHSA-v6vp-62vc-84qw

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/01/GHSA-v6vp-62vc-84qw/GHSA-v6vp-62vc-84qw.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-v6vp-62vc-84qw

Aliases

CVE-2022-45935

Related

CGA-vj69-5755-v554

Published

2023-01-06T12:31:34Z

Modified

2024-02-16T08:15:40.098484Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

Apache James server allows an attacker with local access to access private user data in transit

Details

Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. Vulnerable components includes the SMTP stack and IMAP APPEND command. This issue affects Apache James server version 3.7.2 and prior versions.

Database specific

{
    "nvd_published_at": "2023-01-06T10:15:00Z",
    "cwe_ids": [
        "CWE-200",
        "CWE-319",
        "CWE-668"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-01-09T20:12:10Z"
}

References

Affected packages

Maven / org.apache.james:james-server

Package

Name: org.apache.james:james-server; View open source insights on deps.dev
Purl: pkg:maven/org.apache.james/james-server

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

3.7.2

Affected versions

3.*

3.0-beta2

3.0-beta3

3.0-beta4

3.0.0-beta5

3.0-M1

3.0-M2

3.0.0-RC1

3.0.0

3.0.1

3.1.0

3.2.0

3.3.0

3.4.0

3.5.0

3.6.0

3.6.2

3.7.0

3.7.1

3.7.2