ГлавнаяУязвимости → CVE-2024-33668
9.1критическая

CVE-2024-33668

Описание

An issue was discovered in Zammad before 6.3.0. The Zammad Upload Cache uses insecure, partially guessable FormIDs to identify content. An attacker could try to brute force them to upload malicious content to article drafts they have no access to.

Затрагиваемое ПО
Zammad Zammad
CVSS
Балл9.1 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Источники
https://zammad.com/en/advisories/zaa-2024-02https://zammad.com/en/advisories/zaa-2024-02