An issue was discovered in Zammad before 6.2.0. In several subsystems, SSL/TLS was used to establish connections to external services without proper validation of hostname and certificate authority. This is exploitable by man-in-the-middle attackers.
CPE

Name | Operator | Version
---|---|---
zammad | eq | 6.1.0 alpha
zammad | eq | 6.1.0
zammad | eq | 6.2.0 alpha
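
The two checks the description names, CA validation and hostname validation, can be audited on a Ruby `OpenSSL::SSL::SSLContext` before it is used for an outbound connection. The following is an added example, not Zammad's code and not a reproduction of the affected subsystems, which this record does not name; the function names `audit_tls_context`, `hardened_context` and `sample_contexts` are hypothetical, and the contexts are constructed samples.

```ruby
require "openssl"

# Report which of the advisory's two failure modes are present on a context.
# An empty array means both CA and hostname validation are enabled.
def audit_tls_context(ctx)
  findings = []
  # VERIFY_NONE (0) accepts any certificate chain, including self-signed ones.
  if (ctx.verify_mode.to_i & OpenSSL::SSL::VERIFY_PEER).zero?
    findings << :no_ca_validation
  end
  # Without the hostname check, a valid certificate issued for any other
  # name is accepted for the service being contacted.
  findings << :no_hostname_validation unless ctx.verify_hostname
  findings
end

# Context with the library's default parameters applied: VERIFY_PEER,
# hostname verification, and the system trust store.
# The caller must still set SSLSocket#hostname= for the name check to run.
def hardened_context
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.set_params
  ctx
end

# Constructed sample contexts covering the three cases.
def sample_contexts
  bare = OpenSSL::SSL::SSLContext.new            # never configured
  peer_only = OpenSSL::SSL::SSLContext.new       # chain checked, name not
  peer_only.verify_mode = OpenSSL::SSL::VERIFY_PEER
  { "bare" => bare, "peer_only" => peer_only, "hardened" => hardened_context }
end

if __FILE__ == $PROGRAM_NAME
  sample_contexts.each do |name, ctx|
    puts "#{name}: #{audit_tls_context(ctx).inspect}"
  end
end
```

A context created with `SSLContext.new` and never configured fails both checks, so the audit is most useful on code paths that build their own context instead of calling `set_params`.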