CVE-2024-33535

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-33535

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-33535.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-33535

Published

2024-08-12T15:15:20.570Z

Modified

2026-04-10T05:12:40.093491Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The vulnerability involves unauthenticated local file inclusion (LFI) in a web application, specifically impacting the handling of the packages parameter. Attackers can exploit this flaw to include arbitrary local files without authentication, potentially leading to unauthorized access to sensitive information. The vulnerability is limited to files within a specific directory.

References

Affected packages

Git / github.com/zimbra/zm-build

Affected ranges

Type

GIT

Repo

https://github.com/zimbra/zm-build

Events

Introduced

Last affected

b6cd8f69d2761c014d4a3807f0bdee0011386444

Introduced

Last affected

de2eedbbdb8d58c34aac58dbf3866ae721f039eb

Introduced

Last affected

5561a39cba0898c3bb5e188284d98f498d7a3c9a

Introduced

Last affected

5561a39cba0898c3bb5e188284d98f498d7a3c9a

Introduced

Last affected

d3209df466110d214b2ab6593f931a59c2127db8

Introduced

Last affected

c8a93da38fd1572d864c1becbcc772ba91ee4403

Introduced

Last affected

202d83762fca70b7403c144e1fedddc6cd4930a6

Introduced

Last affected

a163a5dc09ec091fed86421118ec56c90384997a

Introduced

Last affected

b2faf1c074bf6e2f4f76acd11b9ad5a0b4caec40

Introduced

Last affected

9173353f25559ed524c7a40c799056c01c3418d4

Introduced

Last affected

c27b145236b09c5487259d943dd54ffdea0ccbb3

Introduced

Last affected

8d7f3750f42f0a59d61c1b44d8df1000a52ce9f2

Introduced

Last affected

bc50e7d47c56532b226a1c88c8011127e006940b

Introduced

Last affected

03d99a16095b73a73770fbb6131d10234cfc13fd

Introduced

Last affected

bcb978ccc354d99d843725886083e321759b6765

Introduced

Last affected

b20d016c829af1c0ffbaa0545c1deb96ccd5e2e5

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-NA"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-p0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-p1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-p19"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-p20"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-p23"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-p25"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-p26"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-p27"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-p33"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-p36"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-p37"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-p38"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-p4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-p7"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-p7\\.1"
        }
    ]
}

Affected versions

8.*

8.7.10

8.7.11

8.7.6

8.7.7

8.7.9

8.8.0.beta1

8.8.10

8.8.12

8.8.2

8.8.3

8.8.4

8.8.6

8.8.7

8.8.8

8.8.9

8.8.9.p1

8.8.9.p3

9.*

9.0.0

9.0.0.U20

9.0.0.p0

9.0.0.p19

9.0.0.p23

9.0.0.p25

9.0.0.p26

9.0.0.p27

9.0.0.p28

9.0.0.p33

9.0.0.p36

9.0.0.p37

9.0.0.p38

9.0.0.p4

9.0.0.p7

9.0.0.p7.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-33535.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "10.0.0"
            },
            {
                "fixed": "10.0.8"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0.0-p10"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0.0-p11"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0.0-p12"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0.0-p13"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0.0-p14"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0.0-p15"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0.0-p16"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0.0-p2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0.0-p21"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0.0-p24"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0.0-p24\\.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0.0-p3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0.0-p30"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0.0-p31"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0.0-p32"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0.0-p34"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0.0-p35"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0.0-p39"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0.0-p5"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0.0-p6"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0.0-p8"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0.0-p9"
            }
        ]
    }
]