cs/service/account/AutoCompleteGal.java in Zimbra zm-mailbox before 8.8.15.p8 allows authenticated users to request any GAL account. This differs from the intended behavior in which the domain of the authenticated user must match the domain of the galsync account in the request.
{
"cpe": [
"cpe:2.3:a:zimbra:zm-mailbox:*:*:*:*:*:*:*:*",
"cpe:2.3:a:zimbra:zm-mailbox:8.8.15:-:*:*:*:*:*:*",
"cpe:2.3:a:zimbra:zm-mailbox:8.8.15:patch1:*:*:*:*:*:*",
"cpe:2.3:a:zimbra:zm-mailbox:8.8.15:patch2:*:*:*:*:*:*",
"cpe:2.3:a:zimbra:zm-mailbox:8.8.15:patch3:*:*:*:*:*:*",
"cpe:2.3:a:zimbra:zm-mailbox:8.8.15:patch4:*:*:*:*:*:*",
"cpe:2.3:a:zimbra:zm-mailbox:8.8.15:patch5:*:*:*:*:*:*",
"cpe:2.3:a:zimbra:zm-mailbox:8.8.15:patch6:*:*:*:*:*:*",
"cpe:2.3:a:zimbra:zm-mailbox:8.8.15:patch7:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "8.8.15"
},
{
"introduced": "8.8.15-NA"
},
{
"last_affected": "8.8.15-NA"
},
{
"introduced": "8.8.15-patch1"
},
{
"last_affected": "8.8.15-patch1"
},
{
"introduced": "8.8.15-patch2"
},
{
"last_affected": "8.8.15-patch2"
},
{
"introduced": "8.8.15-patch3"
},
{
"last_affected": "8.8.15-patch3"
},
{
"introduced": "8.8.15-patch4"
},
{
"last_affected": "8.8.15-patch4"
},
{
"introduced": "8.8.15-patch5"
},
{
"last_affected": "8.8.15-patch5"
},
{
"introduced": "8.8.15-patch6"
},
{
"last_affected": "8.8.15-patch6"
},
{
"introduced": "8.8.15-patch7"
},
{
"last_affected": "8.8.15-patch7"
}
],
"source": [
"CPE_RANGE",
"CPE_STRING",
"REFERENCES"
]
}[
{
"source": "https://github.com/zimbra/zm-mailbox/commit/d30e647f21ecef5490f21facf2e06e228b44a36e",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "130804680382483964301386928646396783356",
"length": 461.0
},
"deprecated": false,
"id": "CVE-2020-10194-4314dc38",
"target": {
"function": "updateLastLogon",
"file": "store/src/java/com/zimbra/cs/account/ldap/LdapProvisioning.java"
}
},
{
"source": "https://github.com/zimbra/zm-mailbox/commit/1df440e0efa624d1772a05fb6d397d9beb4bda1e",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"229517679686205523715402217324700394259",
"56981330284956748620401296164109700603",
"336897459929083016848280167708331261784",
"87588029407074370430861276684829618465",
"103335325727630520655163700639494496382",
"253093700081280273806403364256489052188"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2020-10194-81b4ab0b",
"target": {
"file": "store/src/java/com/zimbra/cs/service/account/AutoCompleteGal.java"
}
},
{
"source": "https://github.com/zimbra/zm-mailbox/commit/d30e647f21ecef5490f21facf2e06e228b44a36e",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"35532726304441886843822597725517922529",
"86869606749296562789619135716824747966",
"329209388892522800440224682947664957145",
"301198994465565842404478996247629867721",
"249110717571679374632676844697594286961",
"165150619554600532748713227738510509377",
"135793442757343879754509969633552703576",
"99023990949396355242231588957425096724"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2020-10194-96c6e311",
"target": {
"file": "store/src/java/com/zimbra/cs/account/ldap/LdapProvisioning.java"
}
},
{
"source": "https://github.com/zimbra/zm-mailbox/commit/1df440e0efa624d1772a05fb6d397d9beb4bda1e",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "121930347612280065506370044909784702061",
"length": 1002.0
},
"deprecated": false,
"id": "CVE-2020-10194-aa5bbd03",
"target": {
"function": "handle",
"file": "store/src/java/com/zimbra/cs/service/account/AutoCompleteGal.java"
}
}
]
"2026-07-08T20:30:09Z"
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-10194.json"