In Zammad 6.4.x before 6.4.2, an authenticated agent with knowledge base permissions was able to use the Zammad API to fetch knowledge base content that they have no permission for.
CVSS Score
4.3
EPSS Score
0.002
Published
2025-04-05
Zammad before 6.4.1 places sensitive data (such as auth_microsoft_office365_credentials and application_secret) in log files.
CVSS Score
4.3
EPSS Score
0.005
Published
2024-12-09
Page 2