Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows attackers to obtain sensitive information via email connection configuration probing.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-06-28
An issue was discovered in Zammad before 3.4.1. Admin Users without a ticket.* permission can access Tickets.
CVSS Score
4.9
EPSS Score
0.003
Published
2020-12-28
An issue was discovered in Zammad before 3.4.1. There are wrong authorization checks for impersonation requests via X-On-Behalf-Of. The authorization checks are performed for the actual user and not the one given in the X-On-Behalf-Of header.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-12-28
An issue was discovered in Zammad before 3.4.1. There is an authentication bypass in the SSO endpoint via a crafted header, when SSO is not configured. An attacker can create a valid and authenticated session that can be used to perform any actions in the name of other users.
CVSS Score
9.8
EPSS Score
0.005
Published
2020-12-28
An issue was discovered in Zammad before 3.4.1. The global-search feature leaks Knowledge Base drafts to Knowledge Base readers (who are authenticated but have insufficient permissions).
CVSS Score
4.3
EPSS Score
0.001
Published
2020-12-28
An SSRF issue was discovered in Zammad before 3.4.1. The SMS configuration interface for Massenversand is implemented in a way that renders the result of a test request to the User. An attacker can use this to request any URL via a GET request from the network interface of the server. This may lead to disclosure of information from intranet systems.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-12-28
An issue was discovered in Zammad before 3.4.1. The Tag and Link REST API endpoints (for add and delete) lack a CSRF token check.
CVSS Score
5.4
EPSS Score
0.001
Published
2020-12-28
An account-enumeration issue was discovered in Zammad before 3.4.1. The Create User functionality is implemented in a way that would enable an anonymous user to guess valid user email addresses. The application responds differently depending on whether the input supplied was recognized as associated with a valid user.
CVSS Score
4.3
EPSS Score
0.002
Published
2020-12-28
An issue was discovered in Zammad before 3.4.1. There is Stored XSS via a Tags element in a TIcket.
CVSS Score
5.4
EPSS Score
0.003
Published
2020-12-28
An issue was discovered in Zammad before 3.5.1. An Agent with Customer permissions in a Group can bypass intended access control on internal Articles via the Ticket detail view.
CVSS Score
4.3
EPSS Score
0.001
Published
2020-12-28