CVE Vulnerability

CVE-2022-41352

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavisd via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also, pax is in the prerequisites of Zimbra on Ubuntu; however, pax is no longer part of a default Red Hat installation after RHEL 6 (or CentOS 6). Once pax is installed, amavisd automatically prefers it over cpio.

9.8 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories Vendor Advisory
https://wiki.zimbra.com/wiki/Security_Center Patch Release Notes
https://forums.zimbra.org/viewtopic.php?t=71153&p=306532 Mitigation Vendor Advisory
http://packetstormsecurity.com/files/169458/Zimbra-Collaboration-Suite-TAR-Path-Traversal.html Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:zimbra:collaboration:9.0.0:-:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.15:-:*:*:*:*:*:*
Information

Published : 2022-09-26 02:15

Updated : 2022-11-09 08:42

NVD link : CVE-2022-41352

Mitre link : CVE-2022-41352

Products Affected
No products.
CWE
CWE-434