CVE-2024-55578

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Dec 9, 2024
Updated: Dec 12, 2024
CWE ID 532

Summary

CVE-2024-55578 refers to a vulnerability in Zammad, an open-source helpdesk software, where sensitive data, including auth_microsoft_office365_credentials and application_secrets, are inadvertently logged. This issue can potentially expose important information to unauthorized users who gain access to the log files. Prior to version 6.4.1, Zammad failed to adequately protect these data, putting affected installations at risk. It is advised that users upgrade to the latest version to mitigate the danger.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share