CVE-2020-26032

Name of the Vulnerable Software and Affected Versions Zammad versions prior to 3.4.1

Description A Server-Side Request Forgery (SSRF) issue was discovered in the SMS configuration interface for Massenversand. This interface is implemented in a way that renders the result of a test request to the user, allowing an attacker to request any URL via a GET request from the network interface of the server. This may lead to disclosure of information from intranet systems.

Recommendations For versions prior to 3.4.1, update to version 3.4.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the SMS configuration interface for Massenversand to minimize the risk of exploitation.