CVE | CVE-2022-41347 |
CVE Title | |
Published Date | 2022-09-26T02:15Z |
Modified Date | 2022-09-28T17:04Z |
CWE Type | NVD-CWE-noinfo |
CVSS 3.x | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Description | An issue was discovered in Zimbra Collaboration (ZCS) 8.8.x and 9.x (e.g., 8.8.15). The Sudo configuration permits the zimbra user to execute the NGINX binary as root with arbitrary parameters. As part of its intended functionality, NGINX can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root. |
References | |
Reference URL | https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories |
Reference Description | MISC https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories |
Reference URL | https://wiki.zimbra.com/wiki/Security_Center |
Reference Description | MISC https://wiki.zimbra.com/wiki/Security_Center |
Reference URL | https://github.com/darrenmartyn/zimbra-hinginx |
Reference Description | MISC https://github.com/darrenmartyn/zimbra-hinginx |
Reference URL | https://darrenmartyn.ie/2021/10/25/zimbra-nginx-local-root-exploit/ |
Reference Description | MISC https://darrenmartyn.ie/2021/10/25/zimbra-nginx-local-root-exploit/ |
Tags | Vendor Advisory |
Sources | NIST MITRE |