Описание
Zammad 5.2.1 has a fine-grained permission model that allows to configure read-only access to tickets. However, agents were still wrongly able to perform some operations on such tickets, like adding and removing links, tags. and related answers. This issue has been fixed in 5.2.2.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 5.2.0 (включая) до 5.2.2 (исключая)
cpe:2.3:a:zammad:zammad:*:*:*:*:*:*:*:*
EPSS
Процентиль: 38%
0.00165
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-732
CWE-732
Связанные уязвимости
CVSS3: 4.3
debian
больше 3 лет назад
Zammad 5.2.1 has a fine-grained permission model that allows to config ...
CVSS3: 4.3
github
больше 3 лет назад
Zammad 5.2.1 has a fine-grained permission model that allows to configure read-only access to tickets. However, agents were still wrongly able to perform some operations on such tickets, like adding and removing links, tags. and related answers. This issue has been fixed in 5.2.2.
EPSS
Процентиль: 38%
0.00165
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-732
CWE-732