CVE-2023-29868

Published: May 2, 2023Modified: Jan 30, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Zammad 5.3.x (Fixed in 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker with agent and customer roles could perform unauthorized changes on articles where they only have customer permissions.

Affected (1)

Products: Zammad: Zammad

Zammad

1 product

Zammad

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Zammad Zammad	From 5.3.0 to 5.4.0

Related CWEs

CWE-346

Origin Validation Error

The product does not properly verify that the source of data or communication is valid.

References (2)

https://zammad.com/en/advisories/zaa-2023-01

Source: cve@mitre.org

Vendor Advisory

https://zammad.com/en/advisories/zaa-2023-01

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.