Upgrade zimbra desktop from 7.2.2

11/30/2022

An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0. The value of the X-Forwarded-Host header overwrites the value of the Host header in proxied requests.

Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication (i.e., not having an authtoken), an attacker can upload arbitrary files to the system, leading to directory traversal and remote code execution. NOTE: this issue exists because of an incomplete fix for CVE-2022-27925.

An issue was discovered in the webmail component in Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0. When using preauth, CSRF tokens are not checked on some POST endpoints. Thus, when an authenticated user views an attacker-controlled page, a request will be sent to the application that appears to be intended. The CSRF token is omitted from the request, but the request still succeeds.

In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/search?action accepts parameters called extra, title, and onload that are partially sanitised and lead to reflected XSS that allows executing arbitrary JavaScript on the victim's machine.

Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of.

The sudo configuration permits the zimbra user to execute the NGINX binary as root with arbitrary parameters. As part of its intended functionality, NGINX can load a user-defined configuration file, which includes plugins in the form of.

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.x and 9.x (e.g., 8.8.15). XSS can occur via the onerror attribute of an IMG element, leading to information disclosure.

An issue was discovered in Zimbra Collaboration (ZCS) 9.0.

In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/compose accepts an attachUrl parameter that is vulnerable to Reflected XSS. This allows executing arbitrary JavaScript on the victim's machine.

In Zimbra Collaboration Suite (ZCS) 8.8.15, /h/search?action=voicemail&action=listen accepts a phone parameter that is vulnerable to Reflected XSS. This allows executing arbitrary JavaScript on the victim's machine.

In Zimbra Collaboration Suite (ZCS) 8.8.15, at the URL /h/calendar, one can trigger XSS by adding JavaScript code to the view parameter and changing the value of the uncheck parameter to a string (instead of the default value of 10).

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavisd via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Also, pax is in the prerequisites of Zimbra on Ubuntu; however, pax is no longer part of a default Red Hat installation after RHEL 6 (or CentOS 6). Once pax is installed, amavisd automatically prefers it over cpio.