PT-2022-22863 · Zammad · Zammad

Erik Kipka +1
Published: 2022-08-08
Updated: 2022-08-12
CVE-2022-35487
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Zammad version 5.2.0

Description: The issue is related to Incorrect Access Control in Zammad, where the software did not correctly perform authorization on certain attachment endpoints. This could be exploited by an unauthenticated attacker to gain access to attachments, such as emails or attached files.

Recommendations: For Zammad version 5.2.0, update to a version that correctly performs authorization on attachment endpoints to prevent unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: Incorrect Authorization

Related Identifiers: CVE-2022-35487

Affected Products: Zammad