CVE-2020-10104
MEDIUM
Zammad 3.0-3.2 - Authenticated Exposure of Sensitive Information via URL
Title source: llm
Description
An issue was discovered in Zammad 3.0 through 3.2. After authentication, it transmits sensitive information to the user that may be compromised and used by an attacker to gain unauthorized access. Hashed passwords are returned to the user when visiting a certain URL.
References (1)
Core References
Patch, Vendor Advisory x_refsource_misc
https://zammad.com/news/security-advisory-zaa-2020-04
Scores
CVSS v3: 4.3
EPSS: 0.0083
EPSS Percentile: 52.9%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
CWE: CWE-200
Status: published
Products (1)
zammad/zammad: 1.0.0 - 3.2.0
Published: Mar 05, 2020
Tracked Since: Feb 18, 2026