CVE-2023-50453

Name of the Vulnerable Software and Affected Versions Zammad versions prior to 6.2.0

Description An issue was discovered in Zammad where it uses the public endpoint "/api/v1/signshow" for its login screen. This endpoint returns internal configuration data of user object attributes, such as selectable values, which should not be visible to the public.

Recommendations For versions prior to 6.2.0, update to version 6.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/api/v1/signshow" endpoint to minimize the risk of exploitation.