CVE-2022-27331

Published: Apr 27, 2022Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

An access control issue in Zammad v5.0.3 broadcasts administrative configuration changes to all users who have an active application instance, including settings that should only be visible to authenticated users.

Affected (1)

Products: Zammad: Zammad

Zammad

1 product

Zammad

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Zammad Zammad	Before 5.1.0

Related CWEs

CWE-668

Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

References (2)

https://zammad.com/de/advisories/zaa-2022-02

Source: cve@mitre.org

PatchVendor Advisory

https://zammad.com/de/advisories/zaa-2022-02

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.