Today > | 3 Medium vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-36078

May 19, 2024, 8:15 p.m.

Product(s) Impacted

Zammad

  • before 6.3.1

Description

In Zammad before 6.3.1, a Ruby gem bundled by Zammad is installed with world-writable file permissions. This allowed a local attacker on the server to modify the gem's files, injecting arbitrary code into Zammad processes (which run with the environment and permissions of the Zammad user).

Weaknesses

Date

Published: May 19, 2024, 8:15 p.m.

Last Modified: May 19, 2024, 8:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve@mitre.org

References

https://zammad.com/ cve@mitre.org