Lucene search

[email protected]NVD:CVE-2023-24030

HistoryJun 15, 2023 - 9:15 p.m.

CVE-2023-24030

2023-06-1521:15:09

CWE-601

[email protected]

web.nvd.nist.gov

open redirect vulnerability

zimbra collaboration suite

/preauth servlet

exploit

auth token

preauth token

url sanitisation

similar

cve-2023-24030

cve-2021-34807

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

41.6%

JSON

An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0 and 8.8.15. To exploit the vulnerability, an attacker would need to have obtained a valid zimbra auth token or a valid preauth token. Once the token is obtained, an attacker could redirect a user to any URL if url sanitisation is bypassed in incoming requests. NOTE: this is similar, but not identical, to CVE-2021-34807.

Affected configurations

NVD

Node

zimbracollaborationMatch8.8.15-

zimbracollaborationMatch8.8.15p1

zimbracollaborationMatch8.8.15p10

zimbracollaborationMatch8.8.15p11

zimbracollaborationMatch8.8.15p12

zimbracollaborationMatch8.8.15p13

zimbracollaborationMatch8.8.15p14

zimbracollaborationMatch8.8.15p15

zimbracollaborationMatch8.8.15p16

zimbracollaborationMatch8.8.15p17

zimbracollaborationMatch8.8.15p18

zimbracollaborationMatch8.8.15p19

zimbracollaborationMatch8.8.15p2

zimbracollaborationMatch8.8.15p20

zimbracollaborationMatch8.8.15p21

zimbracollaborationMatch8.8.15p22

zimbracollaborationMatch8.8.15p23

zimbracollaborationMatch8.8.15p24

zimbracollaborationMatch8.8.15p25

zimbracollaborationMatch8.8.15p26

zimbracollaborationMatch8.8.15p27

zimbracollaborationMatch8.8.15p28

zimbracollaborationMatch8.8.15p29

zimbracollaborationMatch8.8.15p3

zimbracollaborationMatch8.8.15p30

zimbracollaborationMatch8.8.15p31

zimbracollaborationMatch8.8.15p32

zimbracollaborationMatch8.8.15p33

zimbracollaborationMatch8.8.15p34

zimbracollaborationMatch8.8.15p4

zimbracollaborationMatch8.8.15p5

zimbracollaborationMatch8.8.15p6

zimbracollaborationMatch8.8.15p7

zimbracollaborationMatch8.8.15p8

zimbracollaborationMatch8.8.15p9

zimbracollaborationMatch9.0.0-

zimbracollaborationMatch9.0.0p0

zimbracollaborationMatch9.0.0p1

zimbracollaborationMatch9.0.0p10

zimbracollaborationMatch9.0.0p11

zimbracollaborationMatch9.0.0p12

zimbracollaborationMatch9.0.0p13

zimbracollaborationMatch9.0.0p14

zimbracollaborationMatch9.0.0p15

zimbracollaborationMatch9.0.0p19

zimbracollaborationMatch9.0.0p2

zimbracollaborationMatch9.0.0p23

zimbracollaborationMatch9.0.0p25

zimbracollaborationMatch9.0.0p26

zimbracollaborationMatch9.0.0p27

zimbracollaborationMatch9.0.0p3

zimbracollaborationMatch9.0.0p4

zimbracollaborationMatch9.0.0p5

zimbracollaborationMatch9.0.0p6

zimbracollaborationMatch9.0.0p7

zimbracollaborationMatch9.0.0p7.1

zimbracollaborationMatch9.0.0p8

zimbracollaborationMatch9.0.0p9

References

wiki.zimbra.com/wiki/Security_Center

wiki.zimbra.com/wiki/Zimbra_Security_Advisories

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

41.6%

JSON

Related for NVD:CVE-2023-24030

prion2 cve2 cvelist2 osv2 nvd1 nessus1