Zammad · Zammad · CVE-2020-14214
**Name of the Vulnerable Software and Affected Versions**
Zammad versions prior to 3.3.1
**Description**
The issue relies on a claimed e-mail address for authorization decisions when Domain Based Assignment is enabled. An attacker can register a new account to gain access to all tickets of an arbitrary Organization.
**Recommendations**
For versions prior to 3.3.1, update to version 3.3.1 or later to resolve the issue. As a temporary workaround, consider disabling the Domain Based Assignment feature until a patch is available. Restrict access to sensitive tickets and organizations to minimize the risk of exploitation.