QwikSec

Security Database

CVE

CWE

Training

CVE-2022-41347

Published: Sep 26, 2022

Modified: May 21, 2025

PUBLISHED

Description

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.x and 9.x (e.g., 8.8.15). The Sudo configuration permits the zimbra user to execute the NGINX binary as root with arbitrary parameters. As part of its intended functionality, NGINX can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories

x_refsource_MISC

https://wiki.zimbra.com/wiki/Security_Center

x_refsource_MISC

https://darrenmartyn.ie/2021/10/25/zimbra-nginx-local-root-exploit/

x_refsource_MISC

https://github.com/darrenmartyn/zimbra-hinginx

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.