- Description
- Zammad before 6.4.1 places sensitive data (such as auth_microsoft_office365_credentials and application_secret) in log files.
- Source
- cve@mitre.org
- NVD status
- Analyzed
CVSS 3.1
- Type
- Secondary
- Base score
- 4.3
- Impact score
- 1.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-532
- Hype score
- Not currently trending
CVE-2024-55578 Sensitive Data Exposure in Zammad Logs Before Version 6.4.1 In Zammad versions before 6.4.1, sensitive data like Microsoft Office 365 credentials and application secrets are put in the log files. https://t.co/Iic3t5ZVmo
@VulmonFeeds
9 Dec 2024
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-55578 Zammad before 6.4.1 places sensitive data (such as auth_microsoft_office365_credentials and application_secret) in log files. https://t.co/PTu2pIZMDt
@CVEnew
9 Dec 2024
425 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zammad:zammad:6.4.0:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "07A23DAC-0498-4955-B357-67A1CC9B68D8"
},
{
"criteria": "cpe:2.3:a:zammad:zammad:6.4.0:alpha:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3BC8781D-254D-41FB-BEBA-EF0FD4EFF74F"
}
],
"operator": "OR"
}
]
}
]