SSRF Vulnerability in Zammad Affecting Version Prior to 3.4.1
CVE-2020-26032

7.5HIGH

Key Information:

Vendor: Zammad
Status: Zammad
Vendor: CVE Published:; 28 December 2020

What is CVE-2020-26032?

A security flaw exists in Zammad that allows an attacker to exploit the SMS configuration interface for Massenversand. This implementation inadequately handles requests, permitting the disclosure of sensitive information. By sending a crafted GET request, an attacker can retrieve data from internal network systems, exposing potentially critical information from the organization's intranet. Timely updates to version 3.4.1 or later are essential to mitigate this risk.

References

https://zammad.com/news/security-advisory-zaa-2020-15

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 28, 2020
Vulnerability Reserved
Sep 24, 2020

CVE-2020-26032 Data

JSON