Zammad 5.2.1 has a fine-grained permission model that allows to configure read-only access to tickets. However, agents were still wrongly able to perform some operations on such tickets, like adding and removing links, tags. and related answers. This issue has been fixed in 5.2.2.
References
Link | Resource |
---|---|
https://zammad.com/de/advisories/zaa-2022-10 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-09-27T15:24:41
Updated: 2022-09-27T15:24:41
Reserved: 2022-09-19T00:00:00
Link: CVE-2022-40817
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-09-27T23:15:16.543
Modified: 2022-09-29T14:00:47.583
Link: CVE-2022-40817
JSON object: View
Redhat Information
No data.
CWE