CVE-2022-48023

Published: Feb 3, 2023Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

Insufficient privilege verification in Zammad v5.3.0 allows an authenticated attacker to perform changes on the tags of their customer tickets using the Zammad API. This is now corrected in v5.3.1 so that only agents with write permissions may change ticket tags.

Affected (1)

Products: Zammad: Zammad

Zammad

1 product

Zammad

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Zammad Zammad	Version 5.3.0

References (2)

https://zammad.com/de/advisories/zaa-2022-12

Source: cve@mitre.org

Vendor Advisory

https://zammad.com/de/advisories/zaa-2022-12

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.