nvd-json-data-feeds/CVE-2020/CVE-2020-101xx/CVE-2020-10104.json

{
  "id": "CVE-2020-10104",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2020-03-05T01:15:12.117",
  "lastModified": "2024-11-21T04:54:49.303",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Zammad 3.0 through 3.2. After authentication, it transmits sensitive information to the user that may be compromised and used by an attacker to gain unauthorized access. Hashed passwords are returned to the user when visiting a certain URL."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en Zammad versiones 3.0 hasta 3.2. Despu\u00e9s de la autenticaci\u00f3n, transmite informaci\u00f3n confidencial al usuario que puede ser comprometida y usada por un atacante para conseguir acceso no autorizado. Unas contrase\u00f1as en hash se devuelven al usuario cuando visita una determinada URL."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "baseScore": 4.0,
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "SINGLE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE"
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:zammad:zammad:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "1.0.0",
              "versionEndIncluding": "3.2.0",
              "matchCriteriaId": "3AD23B79-5882-4221-8D16-D332A1441814"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://zammad.com/news/security-advisory-zaa-2020-04",
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://zammad.com/news/security-advisory-zaa-2020-04",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ]
    }
  ]
}