CVE-2020-10104: 
NixOS vulnerability analysis and mitigation

An authentication bypass vulnerability was discovered in Zammad versions 3.0 through 3.2, identified as CVE-2020-10104. The vulnerability was disclosed on March 3, 2020, affecting the Zammad helpdesk software system. When authenticated users visit specific URLs, the system inappropriately transmits sensitive information that could potentially be compromised (CVE Mitre, Zammad Advisory).

The vulnerability allows authenticated users to access hashed passwords when visiting certain URLs within the Zammad system. This security flaw affects Zammad versions from 1.0.x up to 3.2.0. The issue was assigned a 'high' severity rating by the vendor (Zammad Advisory).

If exploited, this vulnerability could lead to unauthorized access to the system as attackers could potentially compromise the exposed hashed passwords. The exposure of password hashes significantly increases the risk of credential-based attacks (CVE Mitre).

The vulnerability has been fixed in Zammad versions 3.2.1 and 3.3.0. Users are strongly recommended to upgrade to these or newer versions. Updates can be obtained through the official Zammad website, FTP server, or through OS package managers (Zammad Advisory).

The vulnerability was acknowledged and addressed by the Guardian Project and the Center for Digital Resilience, who were credited in the security advisory for their involvement (Zammad Advisory).