PT-2022-25554 · Zammad · Zammad
Published: 2022-09-27 · Updated: 2022-09-29 · CVE-2022-40817
CVSS v3.1: 4.3 Medium
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Zammad version 5.2.1
Description
The issue concerns a fine-grained permission model in Zammad that allows configuration of read-only access to tickets. However, agents were still able to perform certain operations on these tickets, such as adding and removing links, tags, and related answers, despite the read-only setting.
Recommendations
For Zammad version 5.2.1, update to version 5.2.2 to resolve the issue.
Fix
Incorrect Permission
Affected Products
Zammad