QwikSec

Security Database

CVE

CWE

Training

CVE-2022-3569

Published: Oct 17, 2022

Modified: May 13, 2025

PUBLISHED

Description

Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the 'zimbra' user can effectively coerce postfix into running arbitrary commands as 'root'.

Vendor	Product	Versions
Synacor	Zimbra Collaboration Suite (ZCS)	affected `9.0.0 - <= 9.0.0`

Weaknesses (CWE)

References

https://twitter.com/ldsopreload/status/1580539318879547392

https://github.com/rapid7/metasploit-framework/pull/17141

http://packetstormsecurity.com/files/169430/Zimbra-Privilege-Escalation.html

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.