Описание
Zammad 5.3.x (Fixed 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker could gain information about linked accounts of users involved in their tickets using the Zammad API.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 5.3.0 (включая) до 5.4.0 (исключая)
cpe:2.3:a:zammad:zammad:*:*:*:*:*:*:*:*
EPSS
Процентиль: 49%
0.00259
Низкий
6.5 Medium
CVSS3
Дефекты
NVD-CWE-noinfo
CWE-346
Связанные уязвимости
CVSS3: 6.5
debian
почти 3 года назад
Zammad 5.3.x (Fixed 5.4.0) is vulnerable to Incorrect Access Control. ...
CVSS3: 6.5
github
почти 3 года назад
Zammad 5.3.x (Fixed 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker could gain information about linked accounts of users involved in their tickets using the Zammad API.
EPSS
Процентиль: 49%
0.00259
Низкий
6.5 Medium
CVSS3
Дефекты
NVD-CWE-noinfo
CWE-346