CVE-2023-24030

Name of the Vulnerable Software and Affected Versions Zimbra Collaboration Suite versions 8.8.15 through 9.0

Description An open redirect issue exists in the /preauth Servlet, allowing an attacker to redirect a user to any URL if URL sanitization is bypassed in incoming requests. To exploit this, an attacker would need a valid Zimbra auth token or a valid preauth token. This could enable a remote attacker to redirect a user to an arbitrary URL.

Recommendations For Zimbra Collaboration Suite versions 8.8.15 through 9.0, consider implementing proper URL sanitization for incoming requests to the /preauth Servlet to prevent redirection to unauthorized sites. Additionally, restrict access to the /preauth Servlet to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.