Insufficient privilege verification in Zammad v5.3.0 allows an authenticated attacker to perform changes on the tags of their customer tickets using the Zammad API. This is now corrected in v5.3.1 so that only agents with write permissions may change ticket tags.
References
Link | Resource |
---|---|
https://zammad.com/de/advisories/zaa-2022-12 | Vendor Advisory |
Configurations
History
09 Feb 2023, 17:49
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
References | (MISC) https://zammad.com/de/advisories/zaa-2022-12 - Vendor Advisory | |
First Time |
Zammad zammad
Zammad |
|
CPE | cpe:2.3:a:zammad:zammad:5.3.0:*:*:*:*:*:*:* | |
CWE | NVD-CWE-Other |
03 Feb 2023, 01:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-02-03 01:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-48023
Mitre link : CVE-2022-48023
CVE.ORG link : CVE-2022-48023
JSON object : View
Products Affected
zammad
- zammad
CWE