Zammad 5.2.0 suffers from Incorrect Access Control. Zammad did not correctly perform authorization on certain attachment endpoints. This could be abused by an unauthenticated attacker to gain access to attachments, such as emails or attached files.
References
Link | Resource |
---|---|
https://zammad.com/de/advisories/zaa-2022-08 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-08-08T13:51:36
Updated: 2022-08-08T13:51:36
Reserved: 2022-07-11T00:00:00
Link: CVE-2022-35487
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-08-08T14:15:10.767
Modified: 2022-08-12T14:37:31.970
Link: CVE-2022-35487
JSON object: View
Redhat Information
No data.
CWE