CVE-2022-22931: Path traversal in Apache James

[Benoit Tellier <btellier () apache org>]

Severity: moderate

Description:

Fix of CVE-2021-40525 do not prepend delimiters upon valid directory validations.

Affected implementations include:
 - maildir mailbox store
 - Sieve file repository

This enables a user to access other users data stores (limited to user names being prefixed by the value of the 
username being used).

Mitigation:

This had been fixed in Apache James 3.6.2.

Credit:

These issues were discovered and reported by GHSL team member Jaroslav Lobačevski