CVE-2020-10096

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-10096

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-10096.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-10096

Published

2020-03-05T01:15:11Z

Modified

2024-11-21T04:54:48Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

An issue was discovered in Zammad 3.0 through 3.2. It does not prevent caching of confidential data within browser memory. An attacker who either remotely compromises or obtains physical access to a user's workstation can browse the browser cache contents and obtain sensitive information. The attacker does not need to be authenticated with the application to view this information, as it would be available via the browser cache.

References

https://zammad.com/news/security-advisory-zaa-2020-11

Affected packages

Git / github.com/zammad/zammad

Affected ranges

Type: GIT
Repo: https://github.com/zammad/zammad
Events: Introduced

9bdf6d7b816d4e55501e13d12dc0d9b53cf16f5c

Last affected

e0ff35cb1492d1fd09f971ead0426ea6acbbef30