First published: Mon Oct 11 2021(Updated: )
An issue was discovered in Zammad before 5.0.1. In some cases, there is improper enforcement of the privilege requirement for viewing a list of tickets that shows title, state, etc.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zammad Zammad | <5.0.1 | |
<5.0.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue with Zammad is CVE-2021-42137.
The severity of CVE-2021-42137 is medium, with a CVSS score of 5.3.
CVE-2021-42137 affects Zammad versions up to and including 5.0.1.
The impact of CVE-2021-42137 is improper enforcement of the privilege requirement for viewing a list of tickets in Zammad.
To fix CVE-2021-42137, upgrade to Zammad version 5.0.2 or later.