CVE-2020-26033 (zammad)

Leave a reply

An issue was discovered in Zammad before 3.4.1. The Tag and Link REST API endpoints (for add and delete) lack a CSRF token check.

View Full Alert

Related Posts

  • CVE-2020-26028 (zammad)

    An issue was discovered in Zammad before 3.4.1. Admin Users without a ticket.* permission can access Tickets. View Full Alert

  • CVE-2020-26031 (zammad)

    An issue was discovered in Zammad before 3.4.1. The global-search feature leaks Knowledge Base drafts to Knowledge Base readers (who are authenticated but have insufficient permissions). View Full Alert

  • CVE-2020-26029 (zammad)

    An issue was discovered in Zammad before 3.4.1. There are wrong authorization checks for impersonation requests via X-On-Behalf-Of. The authorization checks are performed for the actual user and not the…

Leave a Reply