CVE-2022-45935 – org.apache.james:james-server
Package
Manager: maven
Name: org.apache.james:james-server
Vulnerable Version: >=0 <=3.7.2
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00025 (percentile: 0.05296)
Details
Apache James server allows an attacker with local access to access private user data in transit.
Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. Vulnerable components include the SMTP stack and the IMAP APPEND command. This issue affects Apache James server version 3.7.2 and prior versions.
Metadata
Created: 2023-01-06T12:31:34Z
Modified: 2023-01-12T16:48:58Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/01/GHSA-v6vp-62vc-84qw/GHSA-v6vp-62vc-84qw.json
CWE IDs: ["CWE-200", "CWE-319", "CWE-668"]
Alternative ID: GHSA-v6vp-62vc-84qw
Finding: F017
Auto approve: 1