CVE-2020-29159 : An issue was discovered in Zammad before 3.5.1. The default signup Role (for new

An issue was discovered in Zammad before 3.5.1. The default signup Role (for newly created Users) can be a privileged Role, if configured by an admin. This behvaior was unintended.

Published 2020-12-28 08:15:12

Updated 2020-12-29 15:45:37

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2020-29159

Zammad » Zammad
Versions before (<) 3.5.1
cpe:2.3:a:zammad:zammad:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2020-29159

EPSS FAQ

0.34%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 53 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-29159

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.0	MEDIUM	AV:N/AC:L/Au:S/C:P/I:N/A:N	8.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
4.9	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N	1.2	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

References for CVE-2020-29159

https://zammad.com/en/advisories/zaa-2020-22

Security Advisory ZAA-2020-22 | Zammad
Vendor Advisory
https://github.com/zammad/zammad/commit/f0462d4c20c2968b52b5dc6a585f26c0409b4fc4

Maintenance: Provide allow_signup column to define the signup permiss… · zammad/zammad@f0462d4 · GitHub
Patch;Third Party Advisory

Jump to

Vulnerability Details : CVE-2020-29159

Products affected by CVE-2020-29159

Exploit prediction scoring system (EPSS) score for CVE-2020-29159

CVSS scores for CVE-2020-29159

References for CVE-2020-29159