First published: Mon Jun 28 2021(Updated: )
Incorrect Access Control for linked Tickets in Zammad 1.0.x up to 4.0.0 allows remote attackers to obtain sensitive information.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zammad Zammad | >=1.0.0<=4.0.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this Zammad vulnerability is CVE-2021-35302.
The severity level of CVE-2021-35302 is medium with a CVSS score of 5.3.
CVE-2021-35302 allows remote attackers to obtain sensitive information by exploiting an incorrect access control for linked tickets in Zammad 1.0.x up to 4.0.0.
Zammad versions 1.0.x up to 4.0.0 are affected by CVE-2021-35302.
To fix the vulnerability in Zammad, upgrade to a version higher than 4.0.0.