CVE-2020-10105

Published: Mar 5, 2020Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

An issue was discovered in Zammad 3.0 through 3.2. It returns source code of static resources when submitting an OPTIONS request, rather than a GET request. Disclosure of source code allows for an attacker to formulate more precise attacks. Source code was disclosed for the file 404.html (/zammad/public/404.html)

Affected (1)

Products: Zammad: Zammad

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Zammad Zammad	From 1.0.0 to 3.2.0

Related CWEs

Files or Directories Accessible to External Parties

The product makes files or directories accessible to unauthorized actors, even though they should not be.

References (2)

https://zammad.com/news/security-advisory-zaa-2020-09

Source: cve@mitre.org

PatchVendor Advisory

https://zammad.com/news/security-advisory-zaa-2020-09

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.