CVE-2023-24030 — MEDIUM (6.1)

Vulnerability Description

An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0 and 8.8.15. To exploit the vulnerability, an attacker would need to have obtained a valid zimbra auth token or a valid preauth token. Once the token is obtained, an attacker could redirect a user to any URL if url sanitisation is bypassed in incoming requests. NOTE: this is similar, but not identical, to CVE-2021-34807.

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Zimbra	Collaboration	8.8.15

Related Weaknesses (CWE)

CWE-601

References

https://wiki.zimbra.com/wiki/Security_CenterRelease Notes
https://wiki.zimbra.com/wiki/Zimbra_Security_AdvisoriesVendor Advisory
https://wiki.zimbra.com/wiki/Security_CenterRelease Notes
https://wiki.zimbra.com/wiki/Zimbra_Security_AdvisoriesVendor Advisory

FAQ

What is CVE-2023-24030?

CVE-2023-24030 is a vulnerability with a CVSS score of 6.1 (MEDIUM). An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0 and 8.8.15. To exploit the vulnerability, an attacker would need to have obtained a valid zimbra...

How severe is CVE-2023-24030?

CVE-2023-24030 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-24030?

Check the references section above for vendor advisories and patch information. Affected products include: Zimbra Collaboration.