CVE-2022-37043
https://notcve.org/view.php?id=CVE-2022-37043
An issue was discovered in the webmail component in Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0. When using preauth, CSRF tokens are not checked on some POST endpoints. Thus, when an authenticated user views an attacker-controlled page, a request will be sent to the application that appears to be intended. The CSRF token is omitted from the request, but the request still succeeds. Se ha descubierto un problema en el componente webmail de Zimbra Collaboration Suite (ZCS) versiones 8.8.15 y 9.0. • https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-37042 – Zimbra Collaboration (ZCS) Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2022-37042
Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication (i.e., not having an authtoken), an attacker can upload arbitrary files to the system, leading to directory traversal and remote code execution. NOTE: this issue exists because of an incomplete fix for CVE-2022-27925. Zimbra Collaboration Suite (ZCS) versiones 8.8.15 y 9.0, presenta una funcionalidad mboximport que recibe un archivo ZIP y extrae archivos de él. Al omitir la autenticación (es decir, al no tener un authtoken), un atacante puede cargar archivos arbitrarios en el sistema, conllevando a un salto de directorios y una ejecución de código remota. • https://github.com/aels/CVE-2022-37042 https://github.com/0xf4n9x/CVE-2022-37042 http://packetstormsecurity.com/files/168146/Zimbra-Zip-Path-Traversal.html https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2022-37041
https://notcve.org/view.php?id=CVE-2022-37041
An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0. The value of the X-Forwarded-Host header overwrites the value of the Host header in proxied requests. The value of X-Forwarded-Host header is not checked against the whitelist of hosts that ZCS is allowed to proxy to (the zimbraProxyAllowedDomains setting). Se ha detectado un problema en el archivo ProxyServlet.java en el servlet /proxy de Zimbra Collaboration Suite (ZCS) versiones 8.8.15 y 9.0. El valor del encabezado X-Forwarded-Host sobrescribe el valor de la cabecera Host en las peticiones proxy. • https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2022-37393 – Zimbra zmslapd arbitrary module load
https://notcve.org/view.php?id=CVE-2022-37393
Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root. La configuración sudo de Zimbra permite al usuario zimbra ejecutar el binario zmslapd como root con parámetros arbitrarios. Como parte de su funcionalidad prevista, zmslapd puede cargar un archivo de configuración definido por el usuario, que incluye plugins en forma de archivos .so, que también son ejecutadas como root. • https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit https://github.com/rapid7/metasploit-framework/pull/16807 • CWE-284: Improper Access Control •
CVE-2022-27926 – Zimbra Collaboration (ZCS) Cross-Site Scripting (XSS) Vulnerability
https://notcve.org/view.php?id=CVE-2022-27926
A reflected cross-site scripting (XSS) vulnerability in the /public/launchNewWindow.jsp component of Zimbra Collaboration (aka ZCS) 9.0 allows unauthenticated attackers to execute arbitrary web script or HTML via request parameters. Una vulnerabilidad de tipo cross-site scripting (XSS) reflejado en el componente /public/launchNewWindow.jsp de Zimbra Collaboration (también se conoce como ZCS) versión 9.0, permite a atacantes no autenticados ejecutar un script web o HTML arbitrario por medio de parámetros de petición Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability by allowing an endpoint URL to accept parameters without sanitizing. • https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P24 https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories •