CVE-2024-55578
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Published Dec 9, 2024
Updated: Dec 12, 2024
CWE ID 532
Summary
CVE-2024-55578 refers to a vulnerability in Zammad, an open-source helpdesk software, where sensitive data, including auth_microsoft_office365_credentials and application_secrets, are inadvertently logged. This issue can potentially expose important information to unauthorized users who gain access to the log files. Prior to version 6.4.1, Zammad failed to adequately protect these data, putting affected installations at risk. It is advised that users upgrade to the latest version to mitigate the danger.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Vendors
- Zammad