Описание
In Zammad before 6.3.1, a Ruby gem bundled by Zammad is installed with world-writable file permissions. This allowed a local attacker on the server to modify the gem's files, injecting arbitrary code into Zammad processes (which run with the environment and permissions of the Zammad user).
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:zammad:zammad:6.3.0:-:*:*:*:*:*:*
cpe:2.3:a:zammad:zammad:6.3.0:alpha:*:*:*:*:*:*
EPSS
Процентиль: 26%
0.00091
Низкий
6.7 Medium
CVSS3
Дефекты
CWE-94
Связанные уязвимости
CVSS3: 6.7
debian
больше 1 года назад
In Zammad before 6.3.1, a Ruby gem bundled by Zammad is installed with ...
CVSS3: 6.7
github
больше 1 года назад
In Zammad before 6.3.1, a Ruby gem bundled by Zammad is installed with world-writable file permissions. This allowed a local attacker on the server to modify the gem's files, injecting arbitrary code into Zammad processes (which run with the environment and permissions of the Zammad user).
EPSS
Процентиль: 26%
0.00091
Низкий
6.7 Medium
CVSS3
Дефекты
CWE-94