An issue in the component /api/v1/mentions of Zammad v5.3.0 allows authenticated attackers with agent permissions to view information about tickets they are not authorized to see.
References
Link | Resource |
---|---|
https://zammad.com/de/advisories/zaa-2022-13 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-02-03T00:00:00
Updated: 2023-02-03T00:00:00
Reserved: 2022-12-29T00:00:00
Link: CVE-2022-48022
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-02-03T01:15:13.367
Modified: 2023-02-09T17:41:52.853
Link: CVE-2022-48022
JSON object: View
Redhat Information
No data.
CWE