CVE-2021-44886

Published: Feb 4, 2022Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

In Zammad 5.0.2, agents can configure "out of office" periods and substitute persons. If the substitute persons didn't have the same permissions as the original agent, they could receive ticket notifications for tickets that they have no access to.

Affected (1)

Products: Zammad: Zammad

Zammad

1 product

Zammad

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Zammad Zammad	Version 5.0.2

References (2)

https://zammad.com/en/advisories/zaa-2021-21

Source: cve@mitre.org

Vendor Advisory

https://zammad.com/en/advisories/zaa-2021-21

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.