CVE-2022-3569

HIGH Year: 2022
CVSS v3 Score
7.8
High
Weakness Type
CWE-271
View all →

Vulnerability Description

Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the 'zimbra' user can effectively coerce postfix into running arbitrary commands as 'root'.

Related Vulnerabilities

CVE-2025-23395

HIGH
CVSS:7.8(High)

Screen 5.0.0 when it runs with setuid-root privileges does not drop privileges while operating on a user supplied path. This allows unprivileged users to create files in arbitrary locations with `root...

CWE-2712025

CVE-2024-0985

HIGH
CVSS:8.0(High)

Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions ...

CWE-2712024

CVE-2024-35179

MEDIUM
CVSS:6.8(Medium)

Stalwart Mail Server is an open-source mail server. Prior to version 0.8.0, when using `RUN_AS_USER`, the specified user (and therefore, web interface admins) can read arbitrary files as root. This is...

CWE-2712024

CVE-2023-22648

HIGH
CVSS:8.8(High)

A Improper Privilege Management vulnerability in SUSE Rancher causes permission changes in Azure AD not to be reflected to users while they are logged in the Rancher UI. This would cause the users to ...

CWE-2712023

CVE-2023-22648

HIGH
CVSS:8.8(High)

A Improper Privilege Management vulnerability in SUSE Rancher causes permission changes in Azure AD not to be reflected to users while they are logged in the Rancher UI. This would cause the users to ...

CWE-2712023

CVE-2024-0985

HIGH
CVSS:8.0(High)

Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions ...

CWE-2712024