CVE-2022-31245

Published May 20th, 2022

View on NVD ↗

CVSS v3

8.8

HIGH

CVSS v2

HIGH

Affected

PROJECTS

Description

mailcow before 2022-05d allows a remote authenticated user to inject OS commands and escalate privileges to domain admin via the --debug option in conjunction with the ---PIPEMESS option in Sync Jobs.

mailcow/mailcow-dockerized

mailcow: dockerized - 🐮 + 🐋 = 💕

GitHub

12.9K

ly1g3/Mailcow-CVE-2022-31245

CVE-2022-31245: RCE and domain admin privilege escalation for Mailcow

GitHub