{"id":"CVE-2022-31245","details":"mailcow before 2022-05d allows a remote authenticated user to inject OS commands and escalate privileges to domain admin via the --debug option in conjunction with the ---PIPEMESS option in Sync Jobs.","modified":"2026-05-28T03:54:29.339178854Z","published":"2022-05-20T14:20:21Z","database_specific":{"cna_assigner":"mitre","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/31xxx/CVE-2022-31245.json"},"references":[{"type":"WEB","url":"https://github.com/mailcow/mailcow-dockerized/releases/tag/2022-05d"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/31xxx/CVE-2022-31245.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31245"},{"type":"PACKAGE","url":"https://github.com/ly1g3/Mailcow-CVE-2022-31245"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mailcow/mailcow-dockerized","events":[{"introduced":"0"},{"fixed":"552f09f48aacda3a14238101c8a0f4c922ffe65f"}]}],"versions":["2022-05c","2022-05b","2022-05a","2022-05","2022-03a","2022-03","2022-01a","2022-01"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-31245.json"}}],"schema_version":"1.7.5"}