CVE-2020-10097
MEDIUMZammad 3.0-3.2 - Sensitive Information Disclosure via Verbose Error Messages
Title source: llmDescription
An issue was discovered in Zammad 3.0 through 3.2. It may respond with verbose error messages that disclose internal application or infrastructure information. This information could aid attackers in successfully exploiting other vulnerabilities.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://zammad.com/news/security-advisory-zaa-2020-10
Scores
CVSS v3
5.3
EPSS
0.0090
EPSS Percentile
54.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-209
Status
published
Products (1)
zammad/zammad
1.0.0 - 3.2.0
Published
Mar 05, 2020
Tracked Since
Feb 18, 2026