First published: Tue Jun 16 2020(Updated: )
In Zammad before 3.3.1, a Customer has ticket access that should only be available to an Agent (e.g., read internal data, split, or merge).
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zammad Zammad | <3.3.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2020-14213.
The severity of CVE-2020-14213 is medium with a CVSS score of 5.4.
In Zammad before 3.3.1, a vulnerability allows Customers to access ticket information that should only be available to Agents, such as reading internal data, splitting, or merging.
Zammad versions up to, but excluding, 3.3.1 are affected by CVE-2020-14213.
Yes, upgrading to Zammad version 3.3.1 or later will fix CVE-2020-14213.