First published: Mon Dec 28 2020
An issue was discovered in Zammad before 3.5.1. The default signup Role (for newly created Users) can be a privileged Role, if configured by an admin. This behavior was unintended.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zammad Zammad | <3.5.1 |
CVE-2020-29159 is a vulnerability in Zammad before version 3.5.1.
The severity of CVE-2020-29159 is medium with a severity value of 4.9.
CVE-2020-29159 affects Zammad versions before 3.5.1.
CVE-2020-29159 allows the default signup Role in Zammad to be a privileged Role, if configured by an admin.
To fix CVE-2020-29159, upgrade Zammad to version 3.5.1 or later.