QwikSec

Security Database

CVE

CWE

Training

CVE-2020-10194

Published: Mar 20, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

cs/service/account/AutoCompleteGal.java in Zimbra zm-mailbox before 8.8.15.p8 allows authenticated users to request any GAL account. This differs from the intended behavior in which the domain of the authenticated user must match the domain of the galsync account in the request.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/Zimbra/zm-mailbox/compare/8.8.15.p7...8.8.15.p8

x_refsource_MISC

https://github.com/Zimbra/zm-mailbox/commit/1df440e0efa624d1772a05fb6d397d9beb4bda1e

x_refsource_MISC

https://github.com/Zimbra/zm-mailbox/pull/1020

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

CVE-2020-10194 - Security Vulnerability | QwikSec