Description

Insufficient privilege verification in Zammad v5.3.0 allows an authenticated attacker to perform changes on the tags of their customer tickets using the Zammad API. This is now corrected in v5.3.1 so that only agents with write permissions may change ticket tags.

Related CPE's

a

zammad

zammad

5.3.0

Vulnerable

References

https://zammad.com/de/advisories/zaa-2022-12

Vendor Advisory

https://zammad.com/de/advisories/zaa-2022-12

Vendor Advisory

Weaknesses

[email protected]

Primary
NVD-CWE-Other

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

4.3 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2023-02-03T00:15:13.527Z

3 years ago

Last modified

2024-11-21T06:32:45.350Z

1 year ago