CVE-2020-10105

MEDIUM Year: 2020
CVSS v3 Score
5.3
Medium
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-552
View all →

Vulnerability Description

An issue was discovered in Zammad 3.0 through 3.2. It returns source code of static resources when submitting an OPTIONS request, rather than a GET request. Disclosure of source code allows for an attacker to formulate more precise attacks. Source code was disclosed for the file 404.html (/zammad/public/404.html)

Related Vulnerabilities

CVE-2019-14273

MEDIUM
CVSS:5.3(Medium)

In SilverStripe assets 4.0, there is broken access control on files.

CWE-5522019

CVE-2019-20593

MEDIUM
CVSS:5.3(Medium)

An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. Gallery leaks Private Mode thumbnails. The Samsung ID is SVE-2019-14208 (July 2019).

CWE-5522019

CVE-2019-3897

MEDIUM
CVSS:5.3(Medium)

It has been discovered in redhat-certification that any unauthorized user may download any file under /var/www/rhcert, provided they know its name. Red Hat Certification 6 and 7 is vulnerable to this ...

CWE-5522019

CVE-2020-13953

MEDIUM
CVSS:5.3(Medium)

In Apache Tapestry from 5.4.0 to 5.5.0, crafting specific URLs, an attacker can download files inside the WEB-INF folder of the WAR being run.

CWE-5522020

CVE-2021-33843

MEDIUM
CVSS:5.3(Medium)

Fresenius Kabi Agilia SP MC WiFi vD25 and prior has a default configuration page accessible without authentication. An attacker may use this functionality to change the exposed configuration values su...

CWE-5522021

CVE-2022-25497

MEDIUM
CVSS:5.3(Medium)

CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function.

CWE-5522022