First published: Sun Dec 10 2023
An issue was discovered in Zammad before 6.2.0. In several subsystems, SSL/TLS was used to establish connections to external services without proper validation of hostname and certificate authority. This is exploitable by man-in-the-middle attackers.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zammad Zammad | =6.1.0 | |
Zammad Zammad | =6.1.0-alpha | |
Zammad Zammad | =6.2.0-alpha | |
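The description names two separate checks, certificate authority and hostname. The following added example (not Zammad's code, and not part of the original advisory) uses Ruby's `openssl` library, since Zammad is a Ruby application, to show offline why a client needs both. The host names, keys and certificates are constructed for the example, and `make_cert`, `check_peer`, `scenarios` and `strict_context` are hypothetical helper names.

```ruby
require "openssl"

# Builds a short-lived certificate; every name and key here is constructed.
def make_cert(cn, key, issuer: nil, issuer_key: nil, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**31)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(issuer || cert, cert)
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.add_extension(ef.create_extension("subjectAltName", "DNS:#{cn}")) unless ca
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
  cert
end

# The two checks the advisory names: chain to a trusted CA, and hostname match.
def check_peer(cert, hostname, store)
  { ca_trusted: store.verify(cert),
    hostname_ok: OpenSSL::SSL.verify_certificate_identity(cert, hostname) }
end

# Evaluates three peer certificates a client could be shown for the same host.
def scenarios
  host = "imap.example.test"
  ca_key, leaf_key, other_key, rogue_key = Array.new(4) { OpenSSL::PKey::RSA.new(2048) }
  ca = make_cert("Example Test CA", ca_key, ca: true)
  store = OpenSSL::X509::Store.new.add_cert(ca)
  signed = ->(cn, key) { make_cert(cn, key, issuer: ca, issuer_key: ca_key) }
  { genuine: check_peer(signed.call(host, leaf_key), host, store),
    self_signed: check_peer(make_cert(host, rogue_key), host, store),          # fails CA check only
    wrong_host: check_peer(signed.call("other.example.test", other_key), host, store) } # fails hostname check only
end

# Client settings that enforce both checks during the handshake.
def strict_context(store)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
  ctx.verify_hostname = true # takes effect once SSLSocket#hostname= is set
  ctx.cert_store = store
  ctx
end

scenarios.each { |name, result| puts "#{name}: #{result}" } if $PROGRAM_NAME == __FILE__
```

Only the `genuine` certificate passes both checks. A client that performs just one of them accepts one of the other two certificates.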