漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Zammad has an information disclosure in ticket detail view of customers in shared organizations
Vulnerability Description
Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, customers in shared organizations (means they can see each other's tickets) could see fields which are not intended for customers - including fields not intended for them at all (e.g. priority, custom ticket attributes for internal purposes). This was the case when a customer opened a ticket from another user of the same shared organization. They are not able to modify these field. This vulnerability is fixed in 7.0.1.
CVSS Information
N/A
Vulnerability Type
访问控制不恰当
Vulnerability Title
Zammad 访问控制错误漏洞
Vulnerability Description
Zammad是德国Zammad公司的一套票务管理软件。 Zammad 7.0.1之前版本存在访问控制错误漏洞,该漏洞源于访问控制不当,可能导致共享组织内的客户看到不应看到的字段。
CVSS Information
N/A
Vulnerability Type
N/A