Vulnerability Information
Although we use advanced large-model technology, its output may still contain inaccurate or outdated information. Shenlong tries to ensure data accuracy, but please verify it against the actual situation before relying on it.
Vulnerability Title
Zammad has a Server-side request forgery (SSRF) via webhooks
Vulnerability Description
Zammad is a web-based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the webhook model lacked proper validation for loopback and link-local addresses: only the URL scheme (HTTP/HTTPS) and the presence of a hostname were checked, not the addresses the target actually resolved to. A webhook pointed at such an address could therefore be used to retrieve confidential metadata from cloud/hosting providers (server-side request forgery). The existing check has been extended to cover these address ranges and is now applied both when a webhook is configured and when a webhook job is triggered. This vulnerability is fixed in 7.0.1 and 6.5.4.
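To make the missing check concrete, the following is an added example of the kind of validation the description calls for: a scheme check alone, or a check that a hostname is present, does not stop a webhook URL from targeting loopback (127.0.0.0/8, ::1) or link-local (169.254.0.0/16, fe80::/10) space, where the well-known cloud metadata endpoint 169.254.169.254 lives. This is illustrative Ruby written for this page, not Zammad's own code; the function names, the blocked ranges (which also include RFC 1918 private space, an assumption beyond what the advisory states), and the `StubResolver` DNS fixture are all assumptions. The validator resolves every address a hostname returns, normalizes IPv4-mapped IPv6 addresses, and rejects the URL if any result falls in a blocked range.

```ruby
require 'uri'
require 'ipaddr'
require 'resolv'

# Address ranges a webhook target must never resolve to. Loopback and
# link-local are what the advisory names; the private ranges are an
# added assumption that most deployments also want blocked.
BLOCKED_RANGES = [
  IPAddr.new('127.0.0.0/8'),     # IPv4 loopback
  IPAddr.new('::1/128'),         # IPv6 loopback
  IPAddr.new('169.254.0.0/16'),  # IPv4 link-local (169.254.169.254 metadata endpoint)
  IPAddr.new('fe80::/10'),       # IPv6 link-local
  IPAddr.new('0.0.0.0/8'),       # "this host"
  IPAddr.new('::/128'),          # IPv6 unspecified
  IPAddr.new('10.0.0.0/8'),      # RFC 1918 private (assumption)
  IPAddr.new('172.16.0.0/12'),   # RFC 1918 private (assumption)
  IPAddr.new('192.168.0.0/16'),  # RFC 1918 private (assumption)
  IPAddr.new('fc00::/7')         # IPv6 unique local (assumption)
].freeze

class WebhookUrlError < StandardError; end

# Returns every address the host stands for. A literal IP is returned as-is;
# a name is resolved to all of its records, so one harmless record cannot
# hide a loopback or link-local one behind the same hostname.
def resolve_all(host, resolver: Resolv::DNS.new)
  literal = begin
    IPAddr.new(host)
  rescue IPAddr::InvalidAddressError
    nil
  end
  return [literal] if literal

  addrs = resolver.getaddresses(host).map { |a| IPAddr.new(a.to_s) }
  raise WebhookUrlError, "#{host} does not resolve" if addrs.empty?
  addrs
end

# Full check: scheme, hostname present, and no resolved address in a blocked
# range. Returns the parsed URI on success, raises WebhookUrlError otherwise.
def validate_webhook_url(url, resolver: Resolv::DNS.new)
  uri = URI.parse(url)
  raise WebhookUrlError, 'scheme must be http or https' unless %w[http https].include?(uri.scheme)
  host = uri.hostname # strips the [] around IPv6 literals
  raise WebhookUrlError, 'missing hostname' if host.nil? || host.empty?

  resolve_all(host, resolver: resolver).each do |ip|
    ip = ip.native if ip.ipv4_mapped? # ::ffff:127.0.0.1 is still loopback
    hit = BLOCKED_RANGES.find { |r| r.family == ip.family && r.include?(ip) }
    raise WebhookUrlError, "#{host} resolves to blocked address #{ip}" if hit
  end
  uri
end

# Boolean wrapper; malformed URLs count as rejected.
def webhook_url_allowed?(url, resolver: Resolv::DNS.new)
  validate_webhook_url(url, resolver: resolver)
  true
rescue WebhookUrlError, URI::InvalidURIError
  false
end

# Constructed DNS fixture so the example runs offline; these are not real records.
class StubResolver
  def initialize(table)
    @table = table
  end

  def getaddresses(name)
    @table.fetch(name, [])
  end
end

STUB_DNS = StubResolver.new(
  'hooks.example.com' => ['203.0.113.10'],                  # ordinary public target
  'evil.example.com'  => ['203.0.113.10', '169.254.169.254'], # one public, one link-local record
  'v6.example.com'    => ['::ffff:127.0.0.1']                # IPv4-mapped loopback
)

if $PROGRAM_NAME == __FILE__
  %w[
    https://hooks.example.com/zammad
    http://169.254.169.254/latest/meta-data/
    http://127.0.0.1:8080/
    http://[::1]/
    http://evil.example.com/
    http://v6.example.com/
    ftp://hooks.example.com/
  ].each { |u| puts "#{webhook_url_allowed?(u, resolver: STUB_DNS) ? 'allow ' : 'reject'} #{u}" }
end
```

Because a hostname's records can change between the moment an administrator saves a webhook and the moment a job fires, the same validator should run in both places, as the fixed versions do; re-checking at delivery time narrows that window, though it does not close it completely unless the connection is also made to the address that was just validated.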
CVSS Information
N/A
Vulnerability Type
Server-side request forgery (SSRF)
Vulnerability Title
Zammad code issue vulnerability
Vulnerability Description
Zammad is a ticketing/helpdesk software suite from the German company Zammad. Zammad versions before 7.0.1 and before 6.5.4 contain a code issue vulnerability: the webhook model lacks validation of loopback and link-local addresses, which may allow an attacker to retrieve confidential metadata from cloud service providers.
CVSS Information
N/A
Vulnerability Type
N/A