CVE-2024-33535

12.08.2024, 15:15

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The vulnerability involves unauthenticated local file inclusion (LFI) in a web application, specifically impacting the handling of the packages parameter. Attackers can exploit this flaw to include arbitrary local files without authentication, potentially leading to unauthorized access to sensitive information. The vulnerability is limited to files within a specific directory.

Path Traversal

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
mitre	CNA	---				---
CISA-ADP	ADP	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 56%

Vendor	Product	Version
zimbra	collaboration	10.0.0 ≤ 𝑥 < 10.0.8
zimbra	collaboration	9.0.0
zimbra	collaboration	9.0.0:p0
zimbra	collaboration	9.0.0:p1
zimbra	collaboration	9.0.0:p10
zimbra	collaboration	9.0.0:p11
zimbra	collaboration	9.0.0:p12
zimbra	collaboration	9.0.0:p13
zimbra	collaboration	9.0.0:p14
zimbra	collaboration	9.0.0:p15
zimbra	collaboration	9.0.0:p16
zimbra	collaboration	9.0.0:p19
zimbra	collaboration	9.0.0:p2
zimbra	collaboration	9.0.0:p20
zimbra	collaboration	9.0.0:p21
zimbra	collaboration	9.0.0:p23
zimbra	collaboration	9.0.0:p24
zimbra	collaboration	9.0.0:p24.1
zimbra	collaboration	9.0.0:p25
zimbra	collaboration	9.0.0:p26
zimbra	collaboration	9.0.0:p27
zimbra	collaboration	9.0.0:p3
zimbra	collaboration	9.0.0:p30
zimbra	collaboration	9.0.0:p31
zimbra	collaboration	9.0.0:p32
zimbra	collaboration	9.0.0:p33
zimbra	collaboration	9.0.0:p34
zimbra	collaboration	9.0.0:p35
zimbra	collaboration	9.0.0:p36
zimbra	collaboration	9.0.0:p37
zimbra	collaboration	9.0.0:p38
zimbra	collaboration	9.0.0:p39
zimbra	collaboration	9.0.0:p4
zimbra	collaboration	9.0.0:p5
zimbra	collaboration	9.0.0:p6
zimbra	collaboration	9.0.0:p7
zimbra	collaboration	9.0.0:p7.1
zimbra	collaboration	9.0.0:p8
zimbra	collaboration	9.0.0:p9

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References

https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.8#Security_Fixes

https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P40#Security_Fixes