Описание
An issue was discovered in Zammad before 6.3.0. Users with customer access to a ticket could have accessed time accounting details of this ticket via the API. This data should be available only to agents.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| zammad | itp | package |
EPSS
Процентиль: 44%
0.00214
Низкий
Связанные уязвимости
CVSS3: 8.6
nvd
почти 2 года назад
An issue was discovered in Zammad before 6.3.0. Users with customer access to a ticket could have accessed time accounting details of this ticket via the API. This data should be available only to agents.
CVSS3: 8.6
github
почти 2 года назад
An issue was discovered in Zammad before 6.3.0. Users with customer access to a ticket could have accessed time accounting details of this ticket via the API. This data should be available only to agents.
EPSS
Процентиль: 44%
0.00214
Низкий