Index
Bugtraq
Pełna lista
Błędy
Sztuczki
Exploity
Dorks list
Tylko z CVE
Tylko z CWE
Bogus
Ranking
CVEMAP
Świeża lista CVE
Producenci
Produkty
Słownik CWE
Sprawdź nr. CVE
Sprawdź nr. CWE
Szukaj
W Bugtraq
W bazie CVE
Po autorze
Po nr. CVE
Po nr. CWE
Po producencie
Po produkcie
RSS
Bugtraq
CVEMAP
CVE Produkty
Tylko Błędy
Tylko Exploity
Tylko Dorks
Więcej
cIFrex
Facebook
Twitter
Donate
O bazie
Lang
Polish
English
Submit
Podatności dla
'Zammad'
2023-12-10
CVE-2023-50453
CWE-noinfo
An issue was discovered in Zammad before 6.2.0. It uses the public endpoint /api/v1/signshow for its login screen. This endpoint returns internal configuration data of user object attributes, such as selectable values, which should not be visible to the public.
CVE-2023-50454
CWE-295
An issue was discovered in Zammad before 6.2.0. In several subsystems, SSL/TLS was used to establish connections to external services without proper validation of hostname and certificate authority. This is exploitable by man-in-the-middle attackers.
CVE-2023-50455
CWE-770
An issue was discovered in Zammad before 6.2.0. Due to lack of rate limiting in the "email address verification" feature, an attacker could send many requests for a known address to cause Denial Of Service (generation of many emails, which would also spam the victim).
CVE-2023-50456
CWE-noinfo
An issue was discovered in Zammad before 6.2.0. An attacker can trigger phishing links in generated notification emails via a crafted first or last name.
CVE-2023-50457
CWE-863
An issue was discovered in Zammad before 6.2.0. When listing tickets linked to a knowledge base answer, or knowledge base answers of a ticket, a user could see entries for which they lack permissions.
2022-02-04
CVE-2021-43145
CWE-863
With certain LDAP configurations, Zammad 5.0.1 was found to be vulnerable to unauthorized access with existing user accounts.
CVE-2021-44886
CWE-668
In Zammad 5.0.2, agents can configure "out of office" periods and substitute persons. If the substitute persons didn't have the same permissions as the original agent, they could receive ticket notifications for tickets that they have no access to.
2021-10-11
CVE-2021-42137
CWE-269
An issue was discovered in Zammad before 5.0.1. In some cases, there is improper enforcement of the privilege requirement for viewing a list of tickets that shows title, state, etc.
2021-10-07
CVE-2021-42092
CWE-79
An issue was discovered in Zammad before 4.1.1. Stored XSS may occur via an Article during addition of an attachment to a Ticket.
CVE-2021-42093
NVD-CWE-noinfo
An issue was discovered in Zammad before 4.1.1. An admin can execute code on the server via a crafted request that manipulates triggers.
Copyright
2024
, cxsecurity.com
Back to Top
Podatności dla 'Zammad' 
Polish
English