Zammad 5.3.x (Fixed in 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker with agent and customer roles could perform unauthorized changes on articles where they only have customer permissions.
References
Link | Resource |
---|---|
https://zammad.com/en/advisories/zaa-2023-01 | Vendor Advisory |
History
10 May 2023, 18:45
Type | Values Removed | Values Added |
---|---|---|
CVSS | v2 : v3 : | v2 : unknown; v3 : 6.5 |
CWE | NVD-CWE-noinfo | |
References | (MISC) https://zammad.com/en/advisories/zaa-2023-01 - Vendor Advisory | |
CPE | cpe:2.3:a:zammad:zammad:*:*:*:*:*:*:*:* |
02 May 2023, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-05-02 16:15
Updated : 2024-02-04 23:37
NVD link : CVE-2023-29868
Mitre link : CVE-2023-29868
CVE.ORG link : CVE-2023-29868
Products Affected
zammad
- zammad