CVE-2023-29867

Published: May 2, 2023Modified: Jan 30, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Zammad 5.3.x (Fixed 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker could gain information about linked accounts of users involved in their tickets using the Zammad API.

Affected (1)

Products: Zammad: Zammad

Zammad

1 product

Zammad

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Zammad Zammad	From 5.3.0 to 5.4.0

Related CWEs

CWE-346

Origin Validation Error

The product does not properly verify that the source of data or communication is valid.

References (2)

https://zammad.com/en/advisories/zaa-2023-02

Source: cve@mitre.org

Vendor Advisory

https://zammad.com/en/advisories/zaa-2023-02

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.