Описание
In Zammad 6.4.x before 6.4.2, an authenticated agent with knowledge base permissions was able to use the Zammad API to fetch knowledge base content that they have no permission for.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| zammad | itp | package |
EPSS
Процентиль: 37%
0.00157
Низкий
Связанные уязвимости
CVSS3: 4.3
nvd
10 месяцев назад
In Zammad 6.4.x before 6.4.2, an authenticated agent with knowledge base permissions was able to use the Zammad API to fetch knowledge base content that they have no permission for.
CVSS3: 4.3
github
10 месяцев назад
In Zammad 6.4.x before 6.4.2, an authenticated agent with knowledge base permissions was able to use the Zammad API to fetch knowledge base content that they have no permission for.
EPSS
Процентиль: 37%
0.00157
Низкий