Описание
Zammad 5.2.0 suffers from Incorrect Access Control. Zammad did not correctly perform authorization on certain attachment endpoints. This could be abused by an unauthenticated attacker to gain access to attachments, such as emails or attached files.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:zammad:zammad:5.2.0:-:*:*:*:*:*:*
cpe:2.3:a:zammad:zammad:5.2.0:alpha:*:*:*:*:*:*
EPSS
Процентиль: 74%
0.00805
Низкий
7.5 High
CVSS3
Дефекты
CWE-863
Связанные уязвимости
CVSS3: 7.5
debian
больше 3 лет назад
Zammad 5.2.0 suffers from Incorrect Access Control. Zammad did not cor ...
CVSS3: 7.5
github
больше 3 лет назад
Zammad 5.2.0 suffers from Incorrect Access Control. Zammad did not correctly perform authorization on certain attachment endpoints. This could be abused by an unauthenticated attacker to gain access to attachments, such as emails or attached files.
EPSS
Процентиль: 74%
0.00805
Низкий
7.5 High
CVSS3
Дефекты
CWE-863