CVE-2022-22931

MEDIUM

Apache James < 3.6.2 - Path Traversal in Maildir Mailbox Store and Sieve File Repository

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-22931. PoCs published by shoucheng3.

AI-analyzed exploit summary This repository contains a proof-of-concept exploit for CVE-2022-22931, which is a vulnerability in Apache James. The exploit targets the Cassandra backend components, specifically focusing on data definition and table management.

Description

Fix of CVE-2021-40525 do not prepend delimiters upon valid directory validations. Affected implementations include: - maildir mailbox store - Sieve file repository This enables a user to access other users data stores (limited to user names being prefixed by the value of the username being used).

Exploits (1)

nomisec WORKING POC
by shoucheng3 · poc
https://github.com/shoucheng3/asf__james-project_CVE-2022-22931_3-6-0

This repository contains a proof-of-concept exploit for CVE-2022-22931, which is a vulnerability in Apache James. The exploit targets the Cassandra backend components, specifically focusing on data definition and table management.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Apache James 3.6.0
No auth needed
Prerequisites: Access to the target Apache James server · Cassandra backend configured
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Mailing List, Vendor Advisory x_refsource_misc
https://lists.apache.org/thread/bp8yql4wws56jlh0vxoowj7foothsmpr
Mailing List, Third Party Advisory x_refsource_misc
https://www.openwall.com/lists/oss-security/2022/02/07/1

Scores

CVSS v3 4.3
EPSS 0.0283
EPSS Percentile 86.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-22
Status published
Products (2)
apache/james 3.6.1
org.apache.james/james-server 0 - 3.6.2Maven
Published Feb 07, 2022
Tracked Since Feb 18, 2026