CVE-2020-10194

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-10194
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-10194.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-10194
Published
2020-03-20T21:15:17Z
Modified
2025-01-15T01:42:39.273420Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
[none]
Details

cs/service/account/AutoCompleteGal.java in Zimbra zm-mailbox before 8.8.15.p8 allows authenticated users to request any GAL account. This differs from the intended behavior in which the domain of the authenticated user must match the domain of the galsync account in the request.

References

Affected packages

Git / github.com/zimbra/zm-mailbox

Affected ranges

Type
GIT
Repo
https://github.com/zimbra/zm-mailbox
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

8.*

8.7.10
8.7.11
8.7.6
8.7.7
8.7.9
8.8.0.beta1
8.8.10
8.8.11
8.8.12
8.8.15
8.8.15.p1
8.8.15.p2
8.8.15.p3
8.8.15.p4
8.8.15.p5
8.8.15.p6
8.8.15.p7
8.8.2
8.8.3
8.8.4
8.8.5
8.8.6
8.8.7
8.8.8
8.8.9