ID: ZAA-2021-08
Date: 10/05/2020
Title: Server Side Request forgery via GitHub/GitLab integration
Severity: medium
Product: Zammad 1.0.x up to 4.1.0
Fixed in: Zammad 4.1.1, 5.0.0
References:
- CVE: CVE-2021-42091

Vulnerability Descriptions:

Server Side Request forgery via GitHub/GitLab integration: Zammad includes a GitHub and GitLab integration to view the status of linked issues. If misconfigured, a Server Side Request forgery can be performed using a malicious URL.

Recommended Resolution:

Upgrade to the latest version of Zammad where the vulnerability is fixed. Fixed releases are available at:
- https://zammad.org/
- https://ftp.zammad.com/

Alternatively, update Zammad via your OS package manager if applicable.