// For flags

CVE-2020-10096

 

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An issue was discovered in Zammad 3.0 through 3.2. It does not prevent caching of confidential data within browser memory. An attacker who either remotely compromises or obtains physical access to a user's workstation can browse the browser cache contents and obtain sensitive information. The attacker does not need to be authenticated with the application to view this information, as it would be available via the browser cache.

Se detectó un problema en Zammad versiones 3.0 hasta 3.2. No impide el almacenamiento en caché de datos confidenciales dentro de la memoria del navegador. Un atacante que compromete remotamente u obtiene acceso físico a la estación de trabajo de un usuario puede examinar el contenido de la memoria caché del navegador y obtener información confidencial. El atacante no necesita estar autenticado con la aplicación para visualizar esta información, ya que estaría disponible por medio de la memoria caché del navegador.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-03-05 CVE Reserved
  • 2020-03-05 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
https://zammad.com/news/security-advisory-zaa-2020-11 2020-03-05
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Zammad
Search vendor "Zammad"
 Zammad
Search vendor "Zammad" for product "Zammad"
 >= 1.0.0 <= 3.2.0
Search vendor "Zammad" for product "Zammad" and version " >= 1.0.0 <= 3.2.0"
-
Affected