ZAA-2021-02
· Please read carefully and check if the version of your Zammad system is affected by this vulnerability. Please send us information regarding vulnerabilities in Zammad!
· Please read carefully and check if the version of your Zammad system is affected by this vulnerability. Please send us information regarding vulnerabilities in Zammad!
Zammad comes with a functionality to automatically probe the email connection configuration. Whenever a full probing (inbound and outbound) connection configuration was probed successfully the valid credentials were logged to the Zammad application log file. This would allow an attacker to read the valid credentials when access to this file would be possible.
Special 🙏 and 🤘 and ❤️ to:
This vulnerability is fixed in the latest versions of Zammad and it is recommended to upgrade to one of these.
Fixed releases can be found at:
Online version of this advisory: https://zammad.com/en/advisories/zaa-2021-02
Send all remarks to security issues to security@zammad.com.