Zimbra zm-mailbox before 8.8.15.p8 allows authenticated users to request any GAL account

[vc_row][vc_column][vc_column_text]

Wisconsin Rapids Overview :

cs/service/account/AutoCompleteGal.java in Zimbra zm-mailbox before 8.8.15.p8 allows authenticated users to request any GAL account. This differs from the intended behavior in which the domain of the authenticated user must match the domain of the galsync account in the request.

ZBUG-1094:Broken GAL search filtering #1020

Issue:
Any authenticated user can request any GAL account

Fix:
Added condition to check if the authenticated account is on same domain as that of galsync account in request. If not, throw permission denied.

Testing done:
Manual testing done with user and galsync account on different domains

[/vc_column_text][/vc_column][/vc_row]

Contact us to get started

CVE-2023-4291 : Frauscher Sensortechnik FDS101 For FAdC 1.4.24 Code Injection

Description Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a remote code execution (RCE)

Learn more

CVE-2023-2163 : Linux Kernel 5.4 BPF kernel/bpf/verifier.c backtrack_insn calculation

Description Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafe code paths being incorrectly marked as safe,

Learn more

CVE-2023-42454 : SQLpage Up To 0.11.0 Database Connection String sqlpage/sqlpage.json Information Disclosure

Description SQLpage is a SQL-only webapp builder. Someone using SQLpage versions prior to 0.11.1, whose SQLpage instance is exposed publicly,

Learn more

Zimbra zm-mailbox before 8.8.15.p8 allows authenticated users to request any GAL account

ZBUG-1094:Broken GAL search filtering #1020

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2023-4291 : Frauscher Sensortechnik FDS101 For FAdC 1.4.24 Code Injection

CVE-2023-2163 : Linux Kernel 5.4 BPF kernel/bpf/verifier.c backtrack_insn calculation

CVE-2023-42454 : SQLpage Up To 0.11.0 Database Connection String sqlpage/sqlpage.json Information Disclosure