目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1000

100.0%
请我们喝杯咖啡
获取后续新漏洞提醒登录后订阅
一、 漏洞 CVE-2022-41352 基础信息
漏洞信息
对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗

尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。

Vulnerability Title
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also, pax is in the prerequisites of Zimbra on Ubuntu; however, pax is no longer part of a default Red Hat installation after RHEL 6 (or CentOS 6). Once pax is installed, amavis automatically prefers it over cpio.
来源: 美国国家漏洞数据库 NVD
CVSS Information
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Title
Zimbra Collaboration Suite 路径遍历漏洞
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Description
Zimbra Collaboration Suite(ZCS)是美国Zimbra的一款开源协同办公套件。该产品包括WebMail、日历、通信录等。 Zimbra Collaboration Suite (ZCS) 8.8.15版本和9.0版本存在路径遍历漏洞。攻击者利用该漏洞通过amavisd上传任意文件,导致对其他用户帐户的错误访问。
来源: 中国国家信息安全漏洞库 CNNVD
CVSS Information
N/A
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Type
N/A
来源: 中国国家信息安全漏洞库 CNNVD
受影响产品
厂商产品影响版本CPE订阅
-n/a n/a -
二、漏洞 CVE-2022-41352 的公开POC
#POC 描述源链接神龙链接
1cve-2022-41352 pochttps://github.com/segfault-it/cve-2022-41352POC详情
2Zimbra <9.0.0.p27 RCEhttps://github.com/Cr4ckC4t/cve-2022-41352-zimbra-rcePOC详情
3Nonehttps://github.com/aryrz/cve-2022-41352-zimbra-rcePOC详情
4Nonehttps://github.com/lolminerxmrig/cve-2022-41352-zimbra-rce-1POC详情
5Nonehttps://github.com/qailanet/cve-2022-41352-zimbra-rcePOC详情
6Zimbra Collaboration (ZCS) Arbitrary File Upload Vulnerabilityhttps://github.com/rxerium/CVE-2022-41352POC详情
7Nonehttps://github.com/MuhammadWaseem29/cve-2022-41352POC详情
8An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also, pax is in the prerequisites of Zimbra on Ubuntu; however, pax is no longer part of a default Red Hat installation after RHEL 6 (or CentOS 6). Once pax is installed, amavis automatically prefers it over cpio. https://github.com/projectdiscovery/nuclei-templates/blob/main/passive/cves/2022/CVE-2022-41352.yamlPOC详情
9An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also, pax is in the prerequisites of Zimbra on Ubuntu; however, pax is no longer part of a default Red Hat installation after RHEL 6 (or CentOS 6). Once pax is installed, amavis automatically prefers it over cpio. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-41352.yamlPOC详情
AI 生成 POC高级

未找到公开 POC。

登录以生成 AI POC
三、漏洞 CVE-2022-41352 的情报信息
Please 登录 to view more intelligence information
IV. Related Vulnerabilities
Same product: n/a
Same vendor: n/a
V. Comments for CVE-2022-41352

暂无评论

发表评论