ZAA-2021-02 Security Advisory ID: ZAA-2021-02 Date: 06/08/2020 Title: Password written to logs when probing email connection Severity: Low Affected Product: Zammad 1.0.x up to 4.0.0 Fixed in: Zammad 4.0.1, 4.1.0 CVE: CVE-2021-35299 Vulnerability Description: The vulnerability allows passwords to be recorded in logs when Zammad probes email connection configurations. An attacker could access credentials if they gain access to the log files. Recommended Resolution: Upgrade to the latest versions of Zammad. Fixed releases are available at: https://zammad.org/ https://ftp.zammad.com/ Additional Info: Advisory online: https://zammad.com/en/advisories/zaa-2021-02 Contact security@zammad.com for security issues.