First published: Mon Oct 17 2022
Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the 'zimbra' user can effectively coerce postfix into running arbitrary commands as 'root'.
Credit: cve@rapid7.con
Affected Software | Affected Version | How to fix |
---|---|---|
Synacor Zimbra Collaboration Suite | <=9.0.0 | |
CVE-2022-3569 is a vulnerability in Zimbra Collaboration Suite (ZCS) that allows local privilege escalation.
The severity of CVE-2022-3569 is high, with a CVSS score of 7.8.
Versions 9.0.0 and prior of Zimbra Collaboration Suite are affected by CVE-2022-3569.
CVE-2022-3569 is caused by incorrect sudo permissions, allowing the 'zimbra' user to run arbitrary commands as 'root'.
To fix CVE-2022-3569, update Zimbra Collaboration Suite to a version that is not affected by the vulnerability.