CVE-2022-31245

2022-05-2015:15:10

Google

osv.dev

mailcow

os command injection

privilege escalation

sync jobs

AI Score

Confidence

Low

EPSS

0.005

Percentile

77.3%

JSON

mailcow before 2022-05d allows a remote authenticated user to inject OS commands and escalate privileges to domain admin via the --debug option in conjunction with the —PIPEMESS option in Sync Jobs.

References

github.com/ly1g3/Mailcow-CVE-2022-31245

github.com/mailcow/mailcow-dockerized/releases/tag/2022-05d