An access control issue in Zammad v5.0.3 broadcasts administrative configuration changes to all users who have an active application instance, including settings that should only be visible to authenticated users.
References
Link | Resource |
---|---|
https://zammad.com/de/advisories/zaa-2022-02 | Patch Vendor Advisory |
Configurations
History
05 May 2022, 19:34
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 4.0
v3 : 4.3 |
CWE | CWE-668 | |
CPE | cpe:2.3:a:zammad:zammad:*:*:*:*:*:*:*:* | |
References | (MISC) https://zammad.com/de/advisories/zaa-2022-02 - Patch, Vendor Advisory |
27 Apr 2022, 03:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-04-27 03:15
Updated : 2024-02-04 22:29
NVD link : CVE-2022-27331
Mitre link : CVE-2022-27331
CVE.ORG link : CVE-2022-27331
JSON object : View
Products Affected
zammad
- zammad
CWE
CWE-668
Exposure of Resource to Wrong Sphere