{"id":"CVE-2022-31245","details":"mailcow before 2022-05d allows a remote authenticated user to inject OS commands and escalate privileges to domain admin via the --debug option in conjunction with the ---PIPEMESS option in Sync Jobs.","modified":"2026-03-14T11:46:29.765599Z","published":"2022-05-20T15:15:10.280Z","references":[{"type":"FIX","url":"https://github.com/ly1g3/Mailcow-CVE-2022-31245"},{"type":"FIX","url":"https://github.com/mailcow/mailcow-dockerized/releases/tag/2022-05d"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mailcow/mailcow-dockerized","events":[{"introduced":"0"},{"fixed":"552f09f48aacda3a14238101c8a0f4c922ffe65f"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2022-05d"}]}}],"versions":["2022-01","2022-01a","2022-03","2022-03a","2022-04","2022-05","2022-05a","2022-05b","2022-05c"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31245.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}