Description
An issue was discovered in Zammad before 6.3.0. The Zammad Upload Cache uses insecure, partially guessable FormIDs to identify content. An attacker could try to brute force them to upload malicious content to article drafts they have no access to.
References
- Vendor Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1
Versions from 6.2.0 (inclusive) to 6.3.0 (exclusive)
One of
cpe:2.3:a:zammad:zammad:*:*:*:*:*:*:*:*
cpe:2.3:a:zammad:zammad:6.3.0:alpha:*:*:*:*:*:*
EPSS
Percentile: 56%
0.00332
Low
9.1 Critical
CVSS3
Weaknesses
CWE-639
Related vulnerabilities
CVSS3: 9.1
debian
almost 2 years ago
An issue was discovered in Zammad before 6.3.0. The Zammad Upload Cach ...
CVSS3: 9.1
github
almost 2 years ago
An issue was discovered in Zammad before 6.3.0. The Zammad Upload Cache uses insecure, partially guessable FormIDs to identify content. An attacker could try to brute force them to upload malicious content to article drafts they have no access to.