PT-2020-11921 · Zammad · Zammad
Published: 2020-03-05 · Updated: 2020-03-05 · CVE-2020-10097
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Zammad versions 3.0 through 3.2
Description
The issue may cause the application to respond with verbose error messages, potentially disclosing internal application or infrastructure information. This could aid attackers in exploiting other vulnerabilities.
Recommendations
For versions 3.0 through 3.2, consider configuring the application to handle errors in a way that does not disclose sensitive information, such as implementing custom error messages or logging mechanisms to minimize the risk of information disclosure.
Fix
Generation of Error Message Containing Sensitive Information
Weakness Enumeration
Related Identifiers
Affected Products
Zammad