Skip to main content

Zed CVE-2023-50440

MEDIUM
Improper Access Control (CWE-284)
2023-12-13 cve@mitre.org
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Dec 13, 2023 - 21:15 nvd
MEDIUM 5.5

DescriptionNVD

ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; ZED! for Windows, Mac, Linux before 2023.5; ZEDFREE for Windows, Mac, Linux before 2023.5; or ZEDPRO for Windows, Mac, Linux before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger network access to an attacker-controlled computer when opened by the victim.

AnalysisAI

ZED containers produced by PRIMX ZED!. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-284. ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; ZED! for Windows, Mac, Linux before 2023.5; ZEDFREE for Windows, Mac, Linux before 2023.5; or ZEDPRO for Windows, Mac, Linux before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger network access to an attacker-controlled computer when opened by the victim. Affected products include: Primx Zed\!, Primx Zedmail, Primx Zonecentral. Version information: before 2023.5.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Zed

View all
CVE-2026-27976 HIGH POC
8.8 Feb 26

Zed, a code editor, has an extension installer allows tar/gzip downloads. [CVSS 8.8 HIGH]

CVE-2026-27800 HIGH POC
7.4 Feb 26

Zed code editor versions prior to 0.224.4 contain a path traversal vulnerability in ZIP extraction that fails to sanitiz

CVE-2026-27967 HIGH POC
7.1 Feb 26

Zed code editor versions before 0.225.9 fail to properly validate symbolic links in Agent file tools, allowing attackers

CVE-2026-25805 MEDIUM POC
6.4 Feb 10

Zed Editor versions prior to 0.219.4 fail to display tool invocation parameters during permission prompts or after execu

CVE-2018-16518 CRITICAL
9.8 Sep 05

A directory traversal vulnerability with remote code execution in Prim'X Zed!. Rated critical severity (CVSS 9.8), this

CVE-2026-44465 HIGH
8.6 May 28

Remote code execution in Zed code editor versions prior to 0.227.1 occurs when a user opens a folder containing a malici

CVE-2026-44463 HIGH
8.6 May 28

Arbitrary code execution in the Zed code editor (versions prior to 0.229.0) is possible by abusing its terminal tool per

CVE-2026-44466 HIGH
8.6 May 28

Command injection in Zed code editor versions prior to 0.229.0 allows bypass of the terminal tool's permission allowlist

CVE-2026-44461 HIGH
8.6 May 28

Remote command execution in Zed code editor versions prior to 0.227.1 occurs when opening SSH or WSL remote terminals be

CVE-2023-50444 HIGH
7.5 Dec 13

By default, .ZED containers produced by PRIMX ZED!. Rated high severity (CVSS 7.5), this vulnerability is remotely explo

CVE-2026-44462 MEDIUM
6.4 May 28

{var@P} prompt-string operator. Zed's terminal tool system enforces command-prefix allowlists to control what commands c

CVE-2023-50439 MEDIUM
5.3 Dec 13

ZED containers produced by PRIMX ZED!. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no

Share

CVE-2023-50440 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy