Описание
An issue was discovered in Zammad 3.0 through 3.2. After authentication, it transmits sensitive information to the user that may be compromised and used by an attacker to gain unauthorized access. Hashed passwords are returned to the user when visiting a certain URL.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 1.0.0 (включая) до 3.2.0 (включая)
cpe:2.3:a:zammad:zammad:*:*:*:*:*:*:*:*
EPSS
Процентиль: 55%
0.00323
Низкий
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-200
Связанные уязвимости
CVSS3: 4.3
debian
почти 6 лет назад
An issue was discovered in Zammad 3.0 through 3.2. After authenticatio ...
github
больше 3 лет назад
An issue was discovered in Zammad 3.0 through 3.2. After authentication, it transmits sensitive information to the user that may be compromised and used by an attacker to gain unauthorized access. Hashed passwords are returned to the user when visiting a certain URL.
EPSS
Процентиль: 55%
0.00323
Низкий
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-200