mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-06 02:31:38 +00:00
1.9 KiB
1.9 KiB
CVE-2022-41352
Description
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also, pax is in the prerequisites of Zimbra on Ubuntu; however, pax is no longer part of a default Red Hat installation after RHEL 6 (or CentOS 6). Once pax is installed, amavis automatically prefers it over cpio.
POC
Reference
Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Cr4ckC4t/cve-2022-41352-zimbra-rce
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/PyterSmithDarkGhost/ZERODAYCVE-2022-41352ZIMBRA
- https://github.com/SYRTI/POC_to_review
- https://github.com/WhooAmii/POC_to_review
- https://github.com/aryrz/cve-2022-41352-zimbra-rce
- https://github.com/k0mi-tg/CVE-POC
- https://github.com/lolminerxmrig/cve-2022-41352-zimbra-rce-1
- https://github.com/manas3c/CVE-POC
- https://github.com/miladshakerdn/zimbra_old
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/qailanet/cve-2022-41352-zimbra-rce
- https://github.com/rxerium/CVE-2022-41352
- https://github.com/rxerium/stars
- https://github.com/segfault-it/cve-2022-41352
- https://github.com/whoforget/CVE-POC
- https://github.com/youwizard/CVE-POC
- https://github.com/zecool/cve