6.2.0

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

zammad

NVD

Published: 2023-12-10

Updated: 2023-12-13

Summary

An issue was discovered in Zammad before 6.2.0. An attacker can trigger phishing links in generated notification emails via a crafted first or last name.

Vulnerable Configurations

Part	Description	Count
Application	Zammad Zammad Zammad 6.1.0 Zammad Zammad 6.2.0	3

References

https://zammad.com/en/advisories/zaa-2023-07