Vulmon
zammad zammad vulnerabilities and exploits
4.9
CVSSv3
CVE-2020-29159
An issue exists in Zammad prior to 3.5.1. The default signup Role (for newly created Users) can be a privileged Role, if configured by an admin. This behavior was unintended.
Zammad Zammad
4.3
CVSSv3
CVE-2023-50457
An issue exists in Zammad prior to 6.2.0. When listing tickets linked to a knowledge base answer, or knowledge base answers of a ticket, a user could see entries for which they lack permissions.
Zammad Zammad 6.1.0
Zammad Zammad 6.2.0
4.3
CVSSv3
CVE-2022-48022
An issue in the component /api/v1/mentions of Zammad v5.3.0 allows authenticated attackers with agent permissions to view information about tickets they are not authorized to see.
Zammad Zammad 5.3.0
4.3
CVSSv3
CVE-2022-48023
Insufficient privilege verification in Zammad v5.3.0 allows an authenticated malicious user to perform changes on the tags of their customer tickets using the Zammad API. This is now corrected in v5.3.1 so that only agents with write permissions may change ticket tags.
Zammad Zammad 5.3.0
4.3
CVSSv3
CVE-2022-40817
Zammad 5.2.1 has a fine-grained permission model that allows configuring read-only access to tickets. However, agents were still wrongly able to perform some operations on such tickets, like adding and removing links, tags, and related answers. This issue has been fixed in 5.2.2...
Zammad Zammad
4.3
CVSSv3
CVE-2022-27331
An access control issue in Zammad v5.0.3 broadcasts administrative configuration changes to all users who have an active application instance, including settings that should only be visible to authenticated users.
Zammad Zammad
4.3
CVSSv3
CVE-2021-35300
Text injection/Content Spoofing in 404 page in Zammad 1.0.x up to 4.0.0 could allow remote malicious users to manipulate users into visiting the attackers' page.
Zammad Zammad
4.3
CVSSv3
CVE-2020-26031
An issue exists in Zammad prior to 3.4.1. The global-search feature leaks Knowledge Base drafts to Knowledge Base readers (who are authenticated but have insufficient permissions).
Zammad Zammad
4.3
CVSSv3
CVE-2020-26034
An account-enumeration issue exists in Zammad prior to 3.4.1. The Create User functionality is implemented in a way that would enable an anonymous user to guess valid user email addresses. The application responds differently depending on whether the input supplied was recognized...
Zammad Zammad
4.3
CVSSv3
CVE-2020-29158
An issue exists in Zammad prior to 3.5.1. An Agent with Customer permissions in a Group can bypass intended access control on internal Articles via the Ticket detail view.
Zammad Zammad