CVE-2022-41347

Source
https://cve.org/CVERecord?id=CVE-2022-41347
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-41347.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-41347
Published
2022-09-26T01:29:48Z
Modified
2026-07-15T01:49:03.840681966Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.x and 9.x (e.g., 8.8.15). The Sudo configuration permits the zimbra user to execute the NGINX binary as root with arbitrary parameters. As part of its intended functionality, NGINX can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/41xxx/CVE-2022-41347.json",
    "cna_assigner": "mitre"
}
References

Affected packages

Git / github.com/zimbra/zm-build

Affected ranges

Type
GIT
Repo
https://github.com/zimbra/zm-build
Events
Database specific
{
    "cpe": [
        "cpe:2.3:a:zimbra:collaboration:8.8.15:-:*:*:*:*:*:*",
        "cpe:2.3:a:zimbra:collaboration:9.0.0:-:*:*:*:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "8.8.15-NA"
        },
        {
            "last_affected": "8.8.15-NA"
        },
        {
            "introduced": "9.0.0-NA"
        },
        {
            "last_affected": "9.0.0-NA"
        }
    ],
    "source": "CPE_STRING"
}

Affected versions

8.*
8.8.15-NA
9.*
9.0.0-NA

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-41347.json"