Description
Zammad 5.3.x (Fixed in 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker with agent and customer roles could perform unauthorized changes on articles where they only have customer permissions.
References
- Vendor Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1: versions from 5.3.0 (inclusive) up to 5.4.0 (exclusive)
cpe:2.3:a:zammad:zammad:*:*:*:*:*:*:*:*
EPSS: 0.00176 (Low), percentile: 39%
CVSS3: 6.5 Medium
Weaknesses
NVD-CWE-noinfo
CWE-346
Related vulnerabilities
CVSS3: 6.5
debian
almost 3 years ago
Zammad 5.3.x (Fixed in 5.4.0) is vulnerable to Incorrect Access Contro ...
CVSS3: 6.5
github
almost 3 years ago
Zammad 5.3.x (Fixed in 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker with agent and customer roles could perform unauthorized changes on articles where they only have customer permissions.