VDB

CVE-2023-24030

CVE-2023-24030 PUBLISHED CVSS 6.099999904632568 MEDIUM

An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0 and 8.8.15. To exploit the vulnerability, an attacker would need to have obtained a valid zimbra auth token or a valid preauth token. Once the token is obtained, an attacker could redirect a user to any URL if url sanitisation is bypassed in incoming requests. NOTE: this is similar, but not identical, to CVE-2021-34807.

EPSS 0.12% · 31.1th percentile

Risk Scores

CVSS 3.1
6.099999904632568
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
0.12%
31.1th percentile

Affected Products

VendorProductVersions
zimbracollaboration9.0.0, 8.8.15, 8.8.15
n/an/an/a

Exploit Intelligence

Timeline

  • Mar 21, 2023 CVE Published
  • Jun 16, 2023 EPSS Score
  • Jul 21, 2023 EPSS Score
  • Aug 26, 2023 EPSS Score
  • Sep 30, 2023 EPSS Score
  • Nov 5, 2023 EPSS Score
  • Dec 10, 2023 EPSS Score
  • Jan 15, 2024 EPSS Score
  • Feb 19, 2024 EPSS Score
  • Mar 26, 2024 EPSS Score
  • Apr 30, 2024 EPSS Score
  • Jun 5, 2024 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›