CVE-2020-10104

Published: Mar 5, 2020Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

An issue was discovered in Zammad 3.0 through 3.2. After authentication, it transmits sensitive information to the user that may be compromised and used by an attacker to gain unauthorized access. Hashed passwords are returned to the user when visiting a certain URL.

Affected (1)

Products: Zammad: Zammad

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Zammad Zammad	From 1.0.0 to 3.2.0

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://zammad.com/news/security-advisory-zaa-2020-04

Source: cve@mitre.org

PatchVendor Advisory

https://zammad.com/news/security-advisory-zaa-2020-04

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.