First published: Wed Apr 27 2022
An access control issue in Zammad v5.0.3 broadcasts administrative configuration changes to all users who have an active application instance, including settings that should only be visible to authenticated users.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zammad Zammad | <5.1.0 | |
The vulnerability ID of this issue is CVE-2022-27331.
The title of this vulnerability is 'An access control issue in Zammad v5.0.3 broadcasts administrative configuration changes to all users.'
The severity of this vulnerability is medium with a score of 4.3 (out of 10).
The vulnerability in Zammad v5.0.3 allows administrative configuration changes to be visible to all users, including settings that should only be visible to authenticated users.
To fix the vulnerability in Zammad v5.0.3, it is recommended to update to version 5.1.0 or later.