An issue exists in Zammad 3.0 up to and including 3.2. It returns source code of static resources when submitting an OPTIONS request, rather than a GET request. Disclosure of source code allows for an malicious user to formulate more precise attacks. Source code was disclosed for the file 404.html (/zammad/public/404.html)
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
zammad zammad |