Security Advisory

CVE-2024-36078

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-05-19 19:36:21

Last updated 2025-02-13 15:59:16

Assigner mitre

State PUBLISHED

Description

In Zammad before 6.3.1, a Ruby gem bundled by Zammad is installed with world-writable file permissions. This allowed a local attacker on the server to modify the gems files, injecting arbitrary code into Zammad processes (which run with the environment and permissions of the Zammad user).

← Browse all CVEs View on cve.org ↗