CVE-2020-10194
Summary
| CVE | CVE-2020-10194 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-03-20 21:15:00 UTC |
| Updated | 2021-07-21 11:39:00 UTC |
| Description | cs/service/account/AutoCompleteGal.java in Zimbra zm-mailbox before 8.8.15.p8 allows authenticated users to request any GAL account. This differs from the intended behavior in which the domain of the authenticated user must match the domain of the galsync account in the request. |
Risk And Classification
Problem Types: CWE-862
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Zimbra | Zm-mailbox | All | All | All | All |
| Application | Zimbra | Zm-mailbox | 8.8.15 | - | All | All |
| Application | Zimbra | Zm-mailbox | 8.8.15 | patch1 | All | All |
| Application | Zimbra | Zm-mailbox | 8.8.15 | patch2 | All | All |
| Application | Zimbra | Zm-mailbox | 8.8.15 | patch3 | All | All |
| Application | Zimbra | Zm-mailbox | 8.8.15 | patch4 | All | All |
| Application | Zimbra | Zm-mailbox | 8.8.15 | patch5 | All | All |
| Application | Zimbra | Zm-mailbox | 8.8.15 | patch6 | All | All |
| Application | Zimbra | Zm-mailbox | 8.8.15 | patch7 | All | All |
| Application | Zimbra | Zm-mailbox | All | All | All | All |
| Application | Zimbra | Zm-mailbox | 8.8.15 | - | All | All |
| Application | Zimbra | Zm-mailbox | 8.8.15 | patch1 | All | All |
| Application | Zimbra | Zm-mailbox | 8.8.15 | patch2 | All | All |
| Application | Zimbra | Zm-mailbox | 8.8.15 | patch3 | All | All |
| Application | Zimbra | Zm-mailbox | 8.8.15 | patch4 | All | All |
| Application | Zimbra | Zm-mailbox | 8.8.15 | patch5 | All | All |
| Application | Zimbra | Zm-mailbox | 8.8.15 | patch6 | All | All |
| Application | Zimbra | Zm-mailbox | 8.8.15 | patch7 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Comparing 8.8.15.p7...8.8.15.p8 · Zimbra/zm-mailbox · GitHub | MISC | github.com | Patch, Third Party Advisory |
| ZBUG-1094:Broken GAL search filtering by sneha-patil-synacor · Pull Request #1020 · Zimbra/zm-mailbox · GitHub | CONFIRM | github.com | Patch, Third Party Advisory |
| ZBUG-1094:Broken GAL search filtering · Zimbra/zm-mailbox@1df440e · GitHub | MISC | github.com | Patch, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.