Описание
Insufficient privilege verification in Zammad v5.3.0 allows an authenticated attacker to perform changes on the tags of their customer tickets using the Zammad API. This is now corrected in v5.3.1 so that only agents with write permissions may change ticket tags.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:zammad:zammad:5.3.0:*:*:*:*:*:*:*
EPSS
Процентиль: 34%
0.00134
Низкий
4.3 Medium
CVSS3
Дефекты
NVD-CWE-Other
Связанные уязвимости
CVSS3: 4.3
debian
больше 2 лет назад
Insufficient privilege verification in Zammad v5.3.0 allows an authent ...
CVSS3: 4.3
github
больше 2 лет назад
Insufficient privilege verification in Zammad v5.3.0 allows an authenticated attacker to perform changes on the tags of their customer tickets using the Zammad API. This is now corrected in v5.3.1 so that only agents with write permissions may change ticket tags.
EPSS
Процентиль: 34%
0.00134
Низкий
4.3 Medium
CVSS3
Дефекты
NVD-CWE-Other