
CVSS: 4.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 Apr 2025 — In Zammad 6.4.x before 6.4.2, SSRF can occur. Authenticated admin users can enable webhooks in Zammad, which are triggered as POST requests when certain conditions are met. If a webhook endpoint returned a redirect response, Zammad would follow it automatically with another GET request. This could be abused by an attacker to cause GET requests, for example into the local network. • https://zammad.com/en/advisories/zaa-2025-01 • CWE-918: Server-Side Request Forgery (SSRF)

CVSS: 4.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 Apr 2025 — In Zammad 6.4.x before 6.4.2, there is client-side enforcement of server-side security. When changing their two-factor authentication configuration, users need to re-authenticate with their current password first. However, Zammad enforced this check only at the front-end level, not when the API was used directly. • https://zammad.com/en/advisories/zaa-2025-02 • CWE-602: Client-Side Enforcement of Server-Side Security

CVSS: 4.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 Apr 2025 — In Zammad 6.4.x before 6.4.2, there is information exposure. Only agents should be able to see and work on shared article drafts. However, a logged-in customer was able to see details about shared drafts for their customer tickets in the browser console, which may contain confidential information, and also to manipulate them via the API. • https://zammad.com/en/advisories/zaa-2025-03 • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak')

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 Apr 2025 — In Zammad 6.4.x before 6.4.2, an authenticated agent with knowledge base permissions was able to use the Zammad API to fetch knowledge base content for which they had no permission. • https://zammad.com/en/advisories/zaa-2025-04 • CWE-288: Authentication Bypass Using an Alternate Path or Channel

CVSS: 9.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

26 Apr 2024 — An issue was discovered in Zammad before 6.3.0. The Zammad Upload Cache uses insecure, partially guessable FormIDs to identify content. An attacker could try to brute-force them to upload malicious content to article drafts they have no access to. • https://zammad.com/en/advisories/zaa-2024-02 • CWE-639: Authorization Bypass Through User-Controlled Key

CVSS: 5.3 • EPSS: 0% • CPEs: 3 • EXPL: 0

10 Dec 2023 — An issue was discovered in Zammad before 6.2.0. It uses the public endpoint /api/v1/signshow for its login screen. This endpoint returns internal configuration data of user object attributes, such as selectable values, which should not be visible to the public. • https://zammad.com/en/advisories/zaa-2023-08

CVSS: 5.9 • EPSS: 0% • CPEs: 3 • EXPL: 0

10 Dec 2023 — An issue was discovered in Zammad before 6.2.0. In several subsystems, SSL/TLS was used to establish connections to external services without proper validation of the hostname and certificate authority. This is exploitable by man-in-the-middle attackers. • https://zammad.com/en/advisories/zaa-2023-04 • CWE-295: Improper Certificate Validation

CVSS: 4.3 • EPSS: 0% • CPEs: 3 • EXPL: 0

10 Dec 2023 — An issue was discovered in Zammad before 6.2.0. When listing tickets linked to a knowledge base answer, or knowledge base answers of a ticket, a user could see entries for which they lack permissions. • https://zammad.com/en/advisories/zaa-2023-05 • CWE-863: Incorrect Authorization

CVSS: 7.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

10 Dec 2023 — An issue was discovered in Zammad before 6.2.0. Due to a lack of rate limiting in the "email address verification" feature, an attacker could send many requests for a known address to cause a Denial of Service (generation of many emails, which would also spam the victim). • https://zammad.com/en/advisories/zaa-2023-06 • CWE-770: Allocation of Resources Without Limits or Throttling

CVSS: 5.3 • EPSS: 0% • CPEs: 3 • EXPL: 0

10 Dec 2023 — An issue was discovered in Zammad before 6.2.0. An attacker can inject phishing links into generated notification emails via a crafted first or last name. • https://zammad.com/en/advisories/zaa-2023-07 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')