First published: Mon Dec 28 2020(Updated: )
An issue was discovered in Zammad before 3.5.1. An Agent with Customer permissions in a Group can bypass intended access control on internal Articles via the Ticket detail view.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zammad Zammad | <3.5.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2020-29158.
The severity of CVE-2020-29158 is medium, with a severity value of 4.3.
The affected software is Zammad before version 3.5.1.
CVE-2020-29158 allows an Agent with Customer permissions to bypass access control on internal Articles via the Ticket detail view.
To fix CVE-2020-29158, upgrade to Zammad version 3.5.1 or later.