CVE-2022-31245
CVE-2022-31245 affects mailcow series prior to 2022-05d. A remote authenticated user can inject OS commands and escalate to domain admin by abusing the Sync Jobs feature with crafted parameters (notably via --debug and either ---PIPEMESS/--PIPEMESS in imapsync). Exploitation and PoCs are describe...