CVE-2017-5619

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2017-5619

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-5619.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-5619

Published

2017-03-13T06:59:00.293Z

Modified

2026-04-10T04:01:42.473740Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. Attackers can login with the hashed password itself (e.g., from the DB) instead of the valid password string.

References

Affected packages

Git / github.com/zammad/zammad

Affected ranges

Type

GIT

Repo

https://github.com/zammad/zammad

Events

Introduced

Last affected

0d82236e7bb4f7efa5ab6ae58660264862e16e84

Introduced

Last affected

b13bb2fcaf6311ab0ab8470e797a101a260eaaa7

Introduced

Last affected

e0c6eb0ac60ad0c47efb3ae8f2290a463fbdab00

Introduced

Last affected

e9bfcac03148d5382b257ed93dc4f62cc81856c6

Introduced

Last affected

a01cbd60d6f66a53307ea18ff31f743d17707d05

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.1.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.1.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.1.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.2.0"
        }
    ]
}

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.0.3

1.1.0

1.1.1

1.1.2

1.2.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-5619.json"