CVE-2020-26032
 
Public Exploits: 0
Exploited in Wild: -
Descriptions
An SSRF issue was discovered in Zammad before 3.4.1. The SMS configuration interface for Massenversand is implemented in a way that renders the result of a test request to the User. An attacker can use this to request any URL via a GET request from the network interface of the server. This may lead to disclosure of information from intranet systems.
Timeline
- 2020-09-24 CVE Reserved
- 2020-12-28 CVE Published
- 2023-09-13 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-918: Server-Side Request Forgery (SSRF)
References (1)
URL | Date | SRC |
---|---|---|
https://zammad.com/news/security-advisory-zaa-2020-15 | 2020-12-29 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Zammad | Zammad | >= 1.0.0 < 3.4.1 | - | Affected |