CVE-2023-24032

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-24032

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-24032.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-24032

Published

2023-06-15T21:15:09.593Z

Modified

2025-11-15T06:31:26.095808Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In Zimbra Collaboration Suite through 9.0 and 8.8.15, an attacker (who has initial user access to a Zimbra server instance) can execute commands as root by passing one of JVM arguments, leading to local privilege escalation (LPE).

References

Affected packages

Git / github.com/zimbra/zm-build

Affected ranges

Type: GIT
Repo: https://github.com/zimbra/zm-build
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

03d99a16095b73a73770fbb6131d10234cfc13fd

Last affected

0e40da921adb967639011de45841cef4c4601413

Last affected

202d83762fca70b7403c144e1fedddc6cd4930a6

Last affected

29eea219faf34718f0ef1cda7c3f02c89910c96c

Last affected

3dbd48fe84d22132463b3758e3a40be19267fc9f

Last affected

5561a39cba0898c3bb5e188284d98f498d7a3c9a

Last affected

5ae8f73501330bc788daed9c82c1222857d85b8b

Last affected

62480d2f6aace77ee01bb4b8f46a3eff49cbdfd3

Last affected

6c2b2cd41fa3625cbd1c12f4e14e07eece395a31

Last affected

71b1626efff0a90ba64ff3e5ab192683e6dccc9a

Last affected

905970576d6fe337150f09c0ad7a0f53aa1a8f42

Last affected

9173353f25559ed524c7a40c799056c01c3418d4

Last affected

a163a5dc09ec091fed86421118ec56c90384997a

Last affected

ac6081fa002b1511e926aba37740d2b6c20f3f43

Last affected

b20d016c829af1c0ffbaa0545c1deb96ccd5e2e5

Last affected

b2faf1c074bf6e2f4f76acd11b9ad5a0b4caec40

Last affected

b6cd8f69d2761c014d4a3807f0bdee0011386444

Last affected

b7209ef3fd859fda5537cc7fbfdeb97cbd1ab931

Last affected

bcb978ccc354d99d843725886083e321759b6765

Last affected

c8a93da38fd1572d864c1becbcc772ba91ee4403

Last affected

dbb831c2de39b20cda7ea1e0063645d3cb6d1770

Last affected

de2eedbbdb8d58c34aac58dbf3866ae721f039eb

Last affected

fe985a33cb83f82816a1e8f93d8d864112a6504e

Affected versions

8.*

8.7.10

8.7.11

8.7.6

8.7.7

8.7.9

8.8.0.beta1

8.8.10

8.8.11

8.8.11.p3

8.8.12

8.8.15

8.8.15.p3

8.8.15.p5

8.8.2

8.8.3

8.8.4

8.8.6

8.8.7

8.8.8

8.8.9

8.8.9.p1

8.8.9.p3

9.*

9.0.0

9.0.0.p4

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-24032.json"