Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In Zammad 6.4.x before 6.4.2, there is information exposure. Only agents should be able to see and work on shared article drafts. However, a logged in customer was able to see details about shared drafts for their customer tickets in the browser console, which may contain confidential information, and also to manipulate them via API.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
Vulnerability Type
将私有的资源传输到一个新的空间(资源泄露)
Vulnerability Title
Zammad 安全漏洞
Vulnerability Description
Zammad是德国Zammad公司的一套票务管理软件。 Zammad 6.4.2之前版本存在安全漏洞,该漏洞源于信息泄露,可能导致客户查看和操作共享草稿。
CVSS Information
N/A
Vulnerability Type
N/A