Zammad before 6.4.1 places sensitive data (such as authmicrosoftoffice365credentials and applicationsecret) in log files.
{
"unresolved_ranges": [
{
"source": "DESCRIPTION",
"extracted_events": [
{
"fixed": "6.4.1"
}
]
}
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/55xxx/CVE-2024-55578.json",
"cna_assigner": "mitre"
}{
"source": "CPE_STRING",
"cpe": [
"cpe:2.3:a:zammad:zammad:6.4.0:-:*:*:*:*:*:*",
"cpe:2.3:a:zammad:zammad:6.4.0:alpha:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "6.4.0-NA"
},
{
"last_affected": "6.4.0-NA"
},
{
"introduced": "6.4.0-alpha"
},
{
"last_affected": "6.4.0-alpha"
}
]
}