Skip to main content

Mailcow CVE-2022-31245

HIGH
OS Command Injection (CWE-78)
2022-05-20 cve@mitre.org
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
May 20, 2022 - 15:15 nvd
HIGH 8.8

DescriptionNVD

mailcow before 2022-05d allows a remote authenticated user to inject OS commands and escalate privileges to domain admin via the --debug option in conjunction with the ---PIPEMESS option in Sync Jobs.

AnalysisAI

mailcow before 2022-05d allows a remote authenticated user to inject OS commands and escalate privileges to domain admin via the --debug option in conjunction with the ---PIPEMESS option in Sync Jobs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as OS Command Injection (CWE-78), which allows attackers to execute arbitrary operating system commands on the host. mailcow before 2022-05d allows a remote authenticated user to inject OS commands and escalate privileges to domain admin via the --debug option in conjunction with the ---PIPEMESS option in Sync Jobs. Affected products include: Mailcow Mailcow\. Version information: before 2022.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Avoid passing user input to shell commands. Use language-specific APIs instead of shell execution. Apply strict input validation with allowlists.

CVE-2017-8928 HIGH POC
8.8 May 14

mailcow 0.14, as used in "mailcow: dockerized" and other products, has CSRF. Rated high severity (CVSS 8.8), this vulner

CVE-2023-26490 HIGH POC
8.8 Mar 04

mailcow is a dockerized email package, with multiple containers linked in one bridged network. Rated high severity (CVSS

CVE-2022-31138 HIGH POC
8.8 Jul 11

mailcow is a mailserver suite. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack co

CVE-2025-25198 HIGH POC
7.1 Feb 12

mailcow: dockerized is an open source groupware/email suite based on docker. Rated high severity (CVSS 7.1), this vulner

CVE-2022-39258 HIGH POC
8.2 Sep 27

mailcow is a mailserver suite. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentica

CVE-2024-30270 MEDIUM POC
6.2 Apr 04

mailcow: dockerized is an open source groupware/email suite based on docker. Rated medium severity (CVSS 6.2), this vuln

CVE-2024-31204 MEDIUM POC
6.1 Apr 04

mailcow: dockerized is an open source groupware/email suite based on docker. Rated medium severity (CVSS 6.1). Public ex

CVE-2023-34108 HIGH
8.8 Jun 07

mailcow is a mail server suite based on Dovecot, Postfix and other open source software, that provides a modern web UI f

CVE-2024-24760 HIGH
7.3 Feb 02

mailcow is a dockerized email package, with multiple containers linked in one bridged network. Rated high severity (CVSS

CVE-2024-41958 HIGH
7.2 Aug 05

mailcow: dockerized is an open source groupware/email suite based on docker. Rated high severity (CVSS 7.2), this vulner

CVE-2024-23824 LOW POC
2.7 Feb 02

mailcow is a dockerized email package, with multiple containers linked in one bridged network. Rated low severity (CVSS

CVE-2024-41959 MEDIUM
6.1 Aug 05

mailcow: dockerized is an open source groupware/email suite based on docker. Rated medium severity (CVSS 6.1), this vuln

Share

CVE-2022-31245 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy