CVE-2023-50454
10.12.2023, 19:15
An issue was discovered in Zammad before 6.2.0. In several subsystems, SSL/TLS was used to establish connections to external services without proper validation of hostname and certificate authority. This is exploitable by man-in-the-middle attackers.Enginsight
| Vendor | Product | Version |
|---|---|---|
| zammad | zammad | 6.1.0 |
| zammad | zammad | 6.1.0:alpha |
| zammad | zammad | 6.2.0:alpha |
𝑥
= Vulnerable software versions
Common Weakness Enumeration