CVE-2020-14214

Published: Jun 16, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

Zammad before 3.3.1, when Domain Based Assignment is enabled, relies on a claimed e-mail address for authorization decisions. An attacker can register a new account that will have access to all tickets of an arbitrary Organization.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://zammad.com/news/security-advisory-zaa-2020-12

x_refsource_MISC

https://github.com/zammad/zammad/commit/40148392426f626cb779c76d6bdda0f67bd6069d

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-14214

Description

Affected Products

References