N/A

An issue was discovered in the webmail component in Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0. When using preauth, CSRF tokens are not checked on some POST endpoints. Thus, when an authenticated user views an attacker-controlled page, a request will be sent to the application that appears to be intended. The CSRF token is omitted from the request, but the request still succeeds.

N/A

N/A

Zimbra Collaboration Suite 跨站请求伪造漏洞

Zimbra Collaboration Suite（ZCS）是美国Synacor的一款开源协同办公套件。该产品包括WebMail、日历、通信录等。 Zimbra Collaboration Suite (ZCS) 8.8.15版本、9.0版本存在跨站请求伪造漏洞，该漏洞源于在使用 preauth 时，不会在某些 POST 端点上检查跨站请求伪造令牌。

N/A

N/A