zammad | web based open source helpdesk/customer support system
kandi X-RAY | zammad Summary
kandi X-RAY | zammad Summary
zammad is a Ruby library typically used in Telecommunications, Media, Telecom, Apps, Ruby On Rails applications. zammad has no bugs, it has a Strong Copyleft License and it has medium support. However zammad has 20 vulnerabilities. You can download it from GitHub.
Zammad is a web based open source helpdesk/customer support system with many features to manage customer communication via several channels like telephone, facebook, twitter, chat and e-mails. It is distributed under version 3 of the GNU AFFERO General Public License (GNU AGPLv3). Do you receive many e-mails and want to answer them with a team of agents?.
Zammad is a web based open source helpdesk/customer support system with many features to manage customer communication via several channels like telephone, facebook, twitter, chat and e-mails. It is distributed under version 3 of the GNU AFFERO General Public License (GNU AGPLv3). Do you receive many e-mails and want to answer them with a team of agents?.
Support
Quality
Security
License
Reuse
Support
zammad has a medium active ecosystem.
It has 3433 star(s) with 648 fork(s). There are 128 watchers for this library.
It had no major release in the last 6 months.
There are 446 open issues and 3780 have been closed. On average issues are closed in 645 days. There are 7 open pull requests and 0 closed requests.
It has a neutral sentiment in the developer community.
The latest version of zammad is 6.0.0
Quality
zammad has 0 bugs and 0 code smells.
Security
zammad has 20 vulnerability issues reported (2 critical, 6 high, 12 medium, 0 low).
zammad code analysis shows 0 unresolved vulnerabilities.
There are 0 security hotspots that need review.
License
zammad is licensed under the AGPL-3.0 License. This license is Strong Copyleft.
Strong Copyleft licenses enforce sharing, and you can use them when creating open source projects.
Reuse
zammad releases are not available. You will need to build from source code and install.
It has 219513 lines of code, 5518 functions and 2976 files.
It has medium code complexity. Code complexity directly impacts maintainability of the code.
Top functions reviewed by kandi - BETA
kandi has reviewed zammad and discovered the below as its top functions. This is intended to give you an instant insight into zammad implemented functionality, and help decide if they suit your requirements.
- start the SMTP server
- Import an object from the database .
- Removes a job from the active job .
- Push a list of callbacks
- Returns an array of field names for the specified field .
- Returns the raw value .
- Checks if the user has permission for authorization
- Copies the value for a given key
- Add cookie to the cookie
- Calculate the draft
Get all kandi verified functions for this library.
zammad Key Features
No Key Features are available at this moment for zammad.
zammad Examples and Code Snippets
No Code Snippets are available at this moment for zammad.
Community Discussions
Trending Discussions on zammad
QUESTION
Zammad API: Create ticket with tag
Asked 2020-Nov-11 at 13:40
For those who don't want to read the whole question:
I'm looking for the index in the API-Request (Zammad) to set a tag while creating a ticket.
Details:
I'm using PHP to make an API-Request to my server where Zammad is installed. The following shows the data i sent via curl:
ANSWER
Answered 2020-Nov-11 at 13:40I've looked inside the code, its written in ruby. The index is 'tags' and needs to be sperated by ,.
Basicly:
QUESTION
Docker-Compose only looks in /opt/redash
Asked 2020-Jun-18 at 20:13
I am trying to use a docker-compose.yml file in my current directory /home/brian/zammad/docker-compose.yml
When I run the docker-compose up command, however, it tells me no such file in /opt/redash/docker-compose.yml
Well, that's true, because I got rid of Redash. But Redash has nothing to do with this application, so why is it insistent on trying ony to run that docker-compose.yml file?
I've never seen this before.
Running Ubuntu 18.04 64 bit Docker-CE version 19.03.11 Docker-Compose version 1.22.0 from apt.
Thanks for any help.
...ANSWER
Answered 2020-Jun-18 at 20:13docker-compose up and down reuse the settings created by the latest docker-compose command specific for the directory you are working on (called a Docker Compose project whose name you can set by the -p flag of docker-compose). The settings include the original docker-compose.yaml file the project was built on, which will not be re-built on each up.
To force rebuilding the whole project based on the current docker-compose.yaml, or another file via the -f flag, just run docker-compose again.
QUESTION
how to update a ticket in Zammad via API
Asked 2020-Jun-05 at 13:29
My goal is to create a ticket in Zammad using the API and then to update it (for.
the reference for such basic tasks is here
I am using Postman to send requests.
I use the bearer token authentication, the token has been generated for a user who is ticket.agent (and he is admin too).
I manage to succesfully create a ticket by doing a post request to
...ANSWER
Answered 2020-Jun-05 at 13:19To update the ticket you would need to use this endpoint:
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
CVE-2020-26034 MEDIUM
An account-enumeration issue was discovered in Zammad before 3.4.1. The Create User functionality is implemented in a way that would enable an anonymous user to guess valid user email addresses. The application responds differently depending on whether the input supplied was recognized as associated with a valid user.
CVE-2020-29158 MEDIUM
An issue was discovered in Zammad before 3.5.1. An Agent with Customer permissions in a Group can bypass intended access control on internal Articles via the Ticket detail view.
CVE-2020-29159 MEDIUM
An issue was discovered in Zammad before 3.5.1. The default signup Role (for newly created Users) can be a privileged Role, if configured by an admin. This behvaior was unintended.
CVE-2020-29160 HIGH
An issue was discovered in Zammad before 3.5.1. A REST API call allows an attacker to change Ticket Article data in a way that defeats auditing.
CVE-2020-26028 MEDIUM
An issue was discovered in Zammad before 3.4.1. Admin Users without a ticket.* permission can access Tickets.
CVE-2020-26029 MEDIUM
An issue was discovered in Zammad before 3.4.1. There are wrong authorization checks for impersonation requests via X-On-Behalf-Of. The authorization checks are performed for the actual user and not the one given in the X-On-Behalf-Of header.
CVE-2020-26030 CRITICAL
An issue was discovered in Zammad before 3.4.1. There is an authentication bypass in the SSO endpoint via a crafted header, when SSO is not configured. An attacker can create a valid and authenticated session that can be used to perform any actions in the name of other users.
CVE-2020-26031 MEDIUM
An issue was discovered in Zammad before 3.4.1. The global-search feature leaks Knowledge Base drafts to Knowledge Base readers (who are authenticated but have insufficient permissions).
CVE-2020-26032 HIGH
An SSRF issue was discovered in Zammad before 3.4.1. The SMS configuration interface for Massenversand is implemented in a way that renders the result of a test request to the User. An attacker can use this to request any URL via a GET request from the network interface of the server. This may lead to disclosure of information from intranet systems.
CVE-2020-26033 MEDIUM
An issue was discovered in Zammad before 3.4.1. The Tag and Link REST API endpoints (for add and delete) lack a CSRF token check.
CVE-2020-26035 MEDIUM
An issue was discovered in Zammad before 3.4.1. There is Stored XSS via a Tags element in a TIcket.
CVE-2020-14214 MEDIUM
Zammad before 3.3.1, when Domain Based Assignment is enabled, relies on a claimed e-mail address for authorization decisions. An attacker can register a new account that will have access to all tickets of an arbitrary Organization.
CVE-2020-14213 MEDIUM
In Zammad before 3.3.1, a Customer has ticket access that should only be available to an Agent (e.g., read internal data, split, or merge).
CVE-2020-10105 MEDIUM
An issue was discovered in Zammad 3.0 through 3.2. It returns source code of static resources when submitting an OPTIONS request, rather than a GET request. Disclosure of source code allows for an attacker to formulate more precise attacks. Source code was disclosed for the file 404.html (/zammad/public/404.html)
CVE-2020-10102 MEDIUM
An issue was discovered in Zammad 3.0 through 3.2. The Forgot Password functionality is implemented in a way that would enable an anonymous user to guess valid user emails. In the current implementation, the application responds differently depending on whether the input supplied was recognized as associated with a valid user. This behavior could be used as part of a two-stage automated attack. During the first stage, an attacker would iterate through a list of account names to determine which correspond to valid accounts. During the second stage, the attacker would use a list of common passwords to attempt to brute force credentials for accounts that were recognized by the system in the first stage.
CVE-2020-10100 MEDIUM
An issue was discovered in Zammad 3.0 through 3.2. It allows for users to view ticket customer details associated with specific customers. However, the application does not properly implement access controls related to this functionality. As such, users of one company are able to access ticket data from other companies. Due to the multi-tenant nature of this application, users who can access ticket details from one organization to the next allows for users to exfiltrate potentially sensitive data of other companies.
CVE-2020-10101 HIGH
An issue was discovered in Zammad 3.0 through 3.2. The WebSocket server crashes when messages in non-JSON format are sent by an attacker. The message format is not properly checked and parsing errors not handled. This leads to a crash of the service process.
CVE-2020-10096 HIGH
An issue was discovered in Zammad 3.0 through 3.2. It does not prevent caching of confidential data within browser memory. An attacker who either remotely compromises or obtains physical access to a user's workstation can browse the browser cache contents and obtain sensitive information. The attacker does not need to be authenticated with the application to view this information, as it would be available via the browser cache.
CVE-2020-10097 MEDIUM
An issue was discovered in Zammad 3.0 through 3.2. It may respond with verbose error messages that disclose internal application or infrastructure information. This information could aid attackers in successfully exploiting other vulnerabilities.
CVE-2020-10098 MEDIUM
An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code can be provided by a low-privileged user through the Email functionality. The malicious JavaScript will execute within the browser of any user who opens the Ticket with the Article created from that Email.
Install zammad
You can download it from GitHub.
On a UNIX-like operating system, using your system’s package manager is easiest. However, the packaged Ruby version may not be the newest one. There is also an installer for Windows. Managers help you to switch between multiple Ruby versions on your system. Installers can be used to install a specific or multiple Ruby versions. Please refer ruby-lang.org for more information.
On a UNIX-like operating system, using your system’s package manager is easiest. However, the packaged Ruby version may not be the newest one. There is also an installer for Windows. Managers help you to switch between multiple Ruby versions on your system. Installers can be used to install a specific or multiple Ruby versions. Please refer ruby-lang.org for more information.
Support
Thanks! ❤️ ❤️ ❤️.
Find more information at:
Reuse Trending Solutions
Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items
Find more librariesStay Updated
Subscribe to our newsletter for trending solutions and developer bootcamps
Share this Page
