An access control issue in Zammad v5.0.3 broadcasts administrative configuration changes to all users who have an active application instance, including settings that should only be visible to authenticated users.
References
Link | Resource |
---|---|
https://zammad.com/de/advisories/zaa-2022-02 | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-04-27T02:47:09
Updated: 2022-04-27T02:47:09
Reserved: 2022-03-21T00:00:00
Link: CVE-2022-27331
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-04-27T03:15:39.563
Modified: 2022-05-05T19:34:07.233
Link: CVE-2022-27331
JSON object: View
Redhat Information
No data.
CWE