PT-2023-15554 · Zammad · Zammad
Published: 2023-02-03 · Updated: 2023-02-09 · CVE-2022-48023
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Zammad version 5.3.0
Description
Insufficient privilege verification allows an authenticated attacker to change the tags of their customer tickets through the Zammad API. The issue has been corrected so that only agents with write permissions may change ticket tags.
Recommendations
For Zammad version 5.3.0, update to version 5.3.1 to resolve the issue.
Affected Products
Zammad