First published: Thu Oct 07 2021(Updated: )
An issue was discovered in Zammad before 4.1.1. An admin can discover the application secret via the API.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zammad Zammad | <4.1.1 | |
<4.1.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2021-42087 is medium, with a severity value of 4.9.
CVE-2021-42087 affects Zammad before version 4.1.1.
In CVE-2021-42087, an admin can discover the application secret via the API in Zammad.
An admin can exploit CVE-2021-42087 by using the API to discover the application secret.
CVE-2021-42087 can be fixed by updating Zammad to version 4.1.1 or later.