CVE-2020-29159

Опубликовано: 28 дек. 2020

Источник: nvd

CVSS3: 4.9

CVSS2: 4

EPSS Низкий

Описание

An issue was discovered in Zammad before 3.5.1. The default signup Role (for newly created Users) can be a privileged Role, if configured by an admin. This behvaior was unintended.

Ссылки

https://github.com/zammad/zammad/commit/f0462d4c20c2968b52b5dc6a585f26c0409b4fc4
Patch
Third Party Advisory
https://zammad.com/en/advisories/zaa-2020-22
Vendor Advisory
https://github.com/zammad/zammad/commit/f0462d4c20c2968b52b5dc6a585f26c0409b4fc4
Patch
Third Party Advisory
https://zammad.com/en/advisories/zaa-2020-22
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:zammad:zammad:*:*:*:*:*:*:*:*

Версия до 3.5.1 (исключая)

EPSS

Процентиль: 56%

0.00335

Низкий

4.9 Medium

CVSS3

4 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2020-29159

CVSS3: 4.9

debian

около 5 лет назад

An issue was discovered in Zammad before 3.5.1. The default signup Rol ...

GHSA-vp7r-p47m-4jvg

github

больше 3 лет назад