Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Zammad 5.2.1 is vulnerable to Incorrect Access Control. Zammad's asset handling mechanism has logic to ensure that customer users are not able to see personal information of other users. This logic was not effective when used through a web socket connection, so that a logged-in attacker would be able to fetch personal data of other users by querying the Zammad API. This issue is fixed in , 5.2.2.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Zammad 安全漏洞
Vulnerability Description
Zammad是德国Zammad公司的一套票务管理软件。 Zammad 5.2.1版本存在安全漏洞,该漏洞源于容易受到不正确的访问控制,Zammad的资产处理机制具有确保客户用户无法看到其他用户个人信息的逻辑,此逻辑在通过Web套接字连接使用时无效,因此登录的攻击者将能够通过查询Zammad API来获取其他用户的个人数据。
CVSS Information
N/A
Vulnerability Type
N/A