Insufficient privilege verification in Zammad v5.3.0 allows an authenticated attacker to perform changes on the tags of their customer tickets using the Zammad API. This is now corrected in v5.3.1 so that only agents with write permissions may change ticket tags.
References
Link | Resource |
---|---|
https://zammad.com/de/advisories/zaa-2022-12 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-02-03T00:00:00
Updated: 2023-02-03T00:00:00
Reserved: 2022-12-29T00:00:00
Link: CVE-2022-48023
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-02-03T01:15:13.527
Modified: 2023-02-09T17:49:46.950
Link: CVE-2022-48023
JSON object: View
Redhat Information
No data.
CWE