Sedara Security Bulletin: Zimbra
Summary:
Zimbra Collaboration Suite version 8.8.15 is vulnerable to a reflected cross-site scripting (XSS) flaw, due to inadequate input sanitization. Zimbra is a popular open-source email software package. The flaw could allow a remote authenticated attacker to steal sensitive user information or execute malicious code on user systems. Attacks exploiting this flaw have been seen in the wild by security researchers.
This flaw has been assigned the CVE identifier CVE-2023-34192. It is considered critical, with a CVSS (severity) rating of 9.0.
Mitigation & Patching:
Zimbra has released a patch for this bug, which is planned to be delivered in the July patch release.
However, Zimbra has released instructions to apply a fix manually. These steps are provided directly from https://info.zimbra.com/security-update-zimbra-collaboration-suite-version-8.8.15-important :
Steps to apply the fix manually on mailbox nodes:
- Take a backup of the file /opt/zimbra/jetty/webapps/zimbra/m/momoveto
- Edit this file and go to line number 40.
- Before the update, the line should appear as below:
- Update the line to appear as below:
The inclusion of the escapeXml() function sanitizes user-inputted data by escaping special characters used in XML markup, preventing an XSS attack from succeeding.
More Reading On this Threat
Security Update for Zimbra Collaboration Suite Version 8.8.15:
https://info.zimbra.com/security-update-zimbra-collaboration-suite-version-8.8.15-important
How can Sedara Help?
Sedara’s vCISOs can provide you ongoing supervision and support to stay updated on the latest security incidents. Our vCISOs are your “cybersecurity sidekick,” helping you improve your overall cybersecurity posture by adopting new security controls and mitigating risk.