zammad zammad vulnerabilities and exploits
356
VMScore
CVE-2020-10100
An issue exists in Zammad 3.0 up to and including 3.2. It allows for users to view ticket customer details associated with specific customers. However, the application does not properly implement access controls related to this functionality. As such, users of one company are abl...
Zammad Zammad
445
VMScore
CVE-2020-10105
An issue exists in Zammad 3.0 up to and including 3.2. It returns source code of static resources when submitting an OPTIONS request, rather than a GET request. Disclosure of source code allows for a malicious user to formulate more precise attacks. Source code was disclosed for...
Zammad Zammad
NA
CVE-2023-31597
An issue in Zammad v5.4.0 allows malicious users to bypass e-mail verification using an arbitrary address and manipulate the data of the generated user. Attackers are also able to gain unauthorized access to existing tickets.
Zammad Zammad
356
VMScore
CVE-2020-26028
An issue exists in Zammad prior to 3.4.1. Admin Users without a ticket.* permission can access Tickets.
Zammad Zammad
356
VMScore
CVE-2020-26029
An issue exists in Zammad prior to 3.4.1. There are wrong authorization checks for impersonation requests via X-On-Behalf-Of. The authorization checks are performed for the actual user and not the one given in the X-On-Behalf-Of header.
Zammad Zammad
668
VMScore
CVE-2020-26030
An issue exists in Zammad prior to 3.4.1. There is an authentication bypass in the SSO endpoint via a crafted header, when SSO is not configured. An attacker can create a valid and authenticated session that can be used to perform any actions in the name of other users.
Zammad Zammad
356
VMScore
CVE-2020-26031
An issue exists in Zammad prior to 3.4.1. The global-search feature leaks Knowledge Base drafts to Knowledge Base readers (who are authenticated but have insufficient permissions).
Zammad Zammad
516
VMScore
CVE-2020-26033
An issue exists in Zammad prior to 3.4.1. The Tag and Link REST API endpoints (for add and delete) lack a CSRF token check.
Zammad Zammad
356
VMScore
CVE-2020-26034
An account-enumeration issue exists in Zammad prior to 3.4.1. The Create User functionality is implemented in a way that would enable an anonymous user to guess valid user email addresses. The application responds differently depending on whether the input supplied was recognized...
Zammad Zammad
312
VMScore
CVE-2020-26035
An issue exists in Zammad prior to 3.4.1. There is Stored XSS via a Tags element in a Ticket.
Zammad Zammad