API Security Blog

Zimbra Collaboration Server 9.0.0 < 9.0.0 Patch 42, 10.0 < 10.0.10, 10.1.0 < 10.1.2 CSRF

According to its self-reported version number, Zimbra Collaboration Server is affected by a cross-site request forgery (CSRF) vulnerability, which is fixed by disabling GraphQL GET methods via localconfig. A new local config attribute, `zimbra_gql_enable_dangerous_deprecated_get_method_will_be_removed`, has been introduced to control these methods. The default value is not TRUE, and customers are advised not to set it to TRUE. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version…
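A defender-side check for the two conditions described above, added here as an example (it is not code from the original page, Nessus, or Zimbra). It assumes `zmlocalconfig` prints `key = value` lines and that versions are plain dotted numbers, with the 9.0.0 patch level passed separately; the function names and sample data are hypothetical.

```shell
#!/bin/sh
# Attribute name as given in the advisory text.
ATTR=zimbra_gql_enable_dangerous_deprecated_get_method_will_be_removed

# gql_get_state: read `zmlocalconfig` output ("key = value" lines) on stdin.
# Prints ENABLED only if the attribute is explicitly TRUE (any case);
# a missing key or any other value prints DISABLED.
gql_get_state() {
    awk -v k="$ATTR" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, k) == 1 {
            v = substr(line, length(k) + 1)
            if (v !~ /^[ \t]*=/) next          # a longer key sharing the prefix
            sub(/^[ \t]*=[ \t]*/, "", v)
            sub(/[ \t\r]+$/, "", v)
            state = (toupper(v) == "TRUE")     # last occurrence wins
        }
        END { print (state ? "ENABLED" : "DISABLED") }'
}

# zcs_needs_patch VERSION [PATCH]: exit 0 if VERSION is inside one of the
# affected ranges in the advisory title:
#   9.0.0 < Patch 42, 10.0 < 10.0.10, 10.1.0 < 10.1.2
# Assumption: VERSION is dotted numeric; PATCH is the 9.0.0 patch number.
zcs_needs_patch() {
    ver=$1; patch=${2:-0}
    case $ver in
        9.0.0)  [ "$patch" -lt 42 ] ;;
        10.0)   return 0 ;;
        10.0.*) [ "${ver#10.0.}" -lt 10 ] ;;
        10.1.*) [ "${ver#10.1.}" -lt 2 ] ;;
        *)      return 1 ;;
    esac
}

# Constructed sample of zmlocalconfig output (not from a real host).
SAMPLE="zimbra_server_hostname = mail.example.test
$ATTR = TRUE"
printf '%s\n' "$SAMPLE" | gql_get_state
```

On a Zimbra host, pipe the output of `zmlocalconfig "$ATTR"` into `gql_get_state`; an `ENABLED` result means the GraphQL GET methods have been turned back on and the CSRF exposure remains even on a fixed version.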
