Unrated severityNVD Advisory· Published Mar 20, 2020· Updated Aug 4, 2024
CVE-2020-10194
CVE-2020-10194
Description
cs/service/account/AutoCompleteGal.java in Zimbra zm-mailbox before 8.8.15.p8 allows authenticated users to request any GAL account. This differs from the intended behavior in which the domain of the authenticated user must match the domain of the galsync account in the request.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Zimbra/zm-mailboxdescription
- Range: <8.8.15.p8
Patches
Vulnerability mechanics
References
3- github.com/Zimbra/zm-mailbox/commit/1df440e0efa624d1772a05fb6d397d9beb4bda1emitrex_refsource_MISC
- github.com/Zimbra/zm-mailbox/compare/8.8.15.p7...8.8.15.p8mitrex_refsource_MISC
- github.com/Zimbra/zm-mailbox/pull/1020mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.