CVE-2024-9665

CVSS 3.0 score: 6.5 of 10 (medium)

Details

Published: Nov 22, 2024
CWE ID: 352 (Cross-Site Request Forgery)

Summary

CVE-2024-9665 is a Cross-Site Request Forgery (CSRF) information disclosure vulnerability affecting Zimbra installations. It exposes sensitive information from a targeted email account when the user opens a malicious email message. The root cause is that the graphql endpoint lacks sufficient CSRF protection, so a cross-site request can read account data without authorization. Zimbra users are advised to apply the vendor patches as soon as possible to mitigate this risk.

Key points:

1. CVE-2024-9665 is a newly identified Cross-Site Request Forgery (CSRF) information disclosure vulnerability in Zimbra.
2. It allows unauthorized disclosure of sensitive information from affected email accounts.
3. Exploitation requires the user to open a malicious email message.
4. The vulnerability is located in the implementation of the graphql endpoint.
5. The endpoint lacks proper CSRF protections, so CSRF attacks against it can lead to information disclosure.

