First published: Sun Dec 10 2023(Updated: )
An issue was discovered in Zammad before 6.2.0. It uses the public endpoint /api/v1/signshow for its login screen. This endpoint returns internal configuration data of user object attributes, such as selectable values, which should not be visible to the public.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zammad Zammad | =6.1.0 | |
Zammad Zammad | =6.1.0-alpha | |
Zammad Zammad | =6.2.0-alpha |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.