Описание
An issue in Zammad v5.4.0 allows attackers to bypass e-mail verification using an arbitrary address and manipulate the data of the generated user. Attackers are also able to gain unauthorized access to existing tickets.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 5.4.1 (исключая)
cpe:2.3:a:zammad:zammad:*:*:*:*:*:*:*:*
EPSS
Процентиль: 29%
0.00105
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-863
CWE-863
Связанные уязвимости
CVSS3: 6.5
debian
больше 2 лет назад
An issue in Zammad v5.4.0 allows attackers to bypass e-mail verificati ...
CVSS3: 6.5
github
больше 2 лет назад
An issue in Zammad v5.4.0 allows attackers to bypass e-mail verification using an arbitrary address and manipulate the data of the generated user. Attackers are also able to gain unauthorized access to existing tickets.
EPSS
Процентиль: 29%
0.00105
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-863
CWE-863