GCVE - cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:linux:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:linux:*:*

part: a version: * update: *

Vendor	Zscaler (`8b33ada7-550b-5f0e-9389-e0b74c251549`)
Product	Client Connector (`bb852fb1-4e37-50bb-bf86-92fbacf5703d`)
Edition	*
Language	*
Software edition	*
Target software	linux
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-3661`	vulnerable	2026-06-08 06:43:51.146456	DHCP routing options can manipulate interface-based VPN traffic HIGH (7.6) DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN. Published: 2024-05-06T18:31:21.217Z Updated: 2024-08-28T19:09:06.995Z Open on db.gcve.eu Reference links https://datatracker.ietf.org/doc/html/rfc2131#section-7 https://datatracker.ietf.org/doc/html/rfc3442#section-7 https://tunnelvisionbug.com/ https://www.leviathansecurity.com/research/tunnelvision https://news.ycombinator.com/item?id=40279632	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-28805`	vulnerable	2026-06-08 06:02:35.783271	ZCC on Linux privilege escalation MEDIUM (6.7) An Improper Input Validation vulnerability in Zscaler Client Connector on Linux allows Privilege Escalation. This issue affects Client Connector: before 1.4.0.105 Published: 2023-10-23T13:33:57.278Z Updated: 2025-02-27T20:39:25.528Z Open on db.gcve.eu Reference links https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-28804`	vulnerable	2026-06-08 06:02:35.782786	Linux ZCC allows unsigned updates, allowing elevated Code Execution HIGH (8.2) An Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows replacing binaries.This issue affects Linux Client Connector: before 1.4.0.105 Published: 2023-10-23T13:33:19.903Z Updated: 2024-10-17T15:09:55.800Z Open on db.gcve.eu Reference links https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-28800`	vulnerable	2026-06-08 06:02:35.775702	Output encoding missing in redrurl parameter HIGH (8.1) When using local accounts for administration, the redirect url parameter was not encoded correctly, allowing for an XSS attack providing admin login. Published: 2023-06-22T19:15:55.258Z Updated: 2024-12-06T15:13:35.280Z Open on db.gcve.eu Reference links https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2021?applicable_category=Windows&applicable_version=3.7&deployment_date=2021-11-26&id=1386541 https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=Chrome%20OS&applicable_version=1.10.1&deployment_date=2023-03-10&id=1447771 https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=Android&applicable_version=1.10.2&deployment_date=2023-03-09&id=1447706 https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=iOS&applicable_version=1.9.3&deployment_date=2023-03-03&id=1447071 https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=Linux&applicable_version=1.4&deployment_date=2022-10-31&id=1420246	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-28799`	vulnerable	2026-06-08 06:02:35.765710	Details available HIGH (8.2) A URL parameter during login flow was vulnerable to injection. An attacker could insert a malicious domain in this parameter, which would redirect the user after auth and send the authorization token to the redirected domain. Published: 2023-06-22T19:06:24.943Z Updated: 2024-12-05T17:43:58.739Z Open on db.gcve.eu Reference links https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2021?applicable_category=Windows&applicable_version=3.7&deployment_date=2021-11-26&id=1386541 https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=Chrome%20OS&applicable_version=1.10.1&deployment_date=2023-03-10&id=1447771 https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=Android&applicable_version=1.10.2&deployment_date=2023-03-09&id=1447706 https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=iOS&applicable_version=1.9.3&deployment_date=2023-03-03&id=1447071 https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=Linux&applicable_version=1.4&deployment_date=2022-10-31&id=1420246	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-28796`	vulnerable	2026-06-08 06:02:35.758044	IPC Bypass Through PLT Section in ELF HIGH (7.1) Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows Code Injection. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6. Published: 2023-10-23T13:28:15.790Z Updated: 2025-02-27T20:39:40.997Z Open on db.gcve.eu Reference links https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=Linux&applicable_version=1.3.1&deployment_date=2022-09-19	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-28795`	vulnerable	2026-06-08 06:02:35.757462	Client IPC validation bypass HIGH (7.8) Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Inclusion of Code in Existing Process. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6. Published: 2023-10-23T13:27:24.262Z Updated: 2025-02-27T20:39:47.550Z Open on db.gcve.eu Reference links https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=Linux&applicable_version=1.3.1&deployment_date=2022-09-19	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-28794`	vulnerable	2026-06-08 06:02:35.756977	PAC Files Exposed to Internet Websites MEDIUM (4.3) Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Privilege Abuse. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6. Published: 2023-11-06T07:19:25.606Z Updated: 2024-09-05T13:57:13.283Z Open on db.gcve.eu Reference links https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=Linux&applicable_version=1.3.1&deployment_date=2022-09-19	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-28793`	vulnerable	2026-06-08 06:02:35.756275	Heap Based Buffer Overflow in Library HIGH (7.8) Buffer overflow vulnerability in the signelf library used by Zscaler Client Connector on Linux allows Code Injection. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6. Published: 2023-10-23T13:26:08.391Z Updated: 2025-02-27T20:39:54.588Z Open on db.gcve.eu Reference links https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=Linux&applicable_version=1.3.1&deployment_date=2022-09-19	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.