CVE-2022-27331
First published: Wed Apr 27 2022(Updated: )
An access control issue in Zammad v5.0.3 broadcasts administrative configuration changes to all users who have an active application instance, including settings that should only be visible to authenticated users.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zammad Zammad | <5.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2022-27331.
What is the title of this vulnerability?
The title of this vulnerability is 'An access control issue in Zammad v5.0.3 broadcasts administrative configuration changes to all users.'
What is the severity of this vulnerability?
The severity of this vulnerability is medium with a score of 4.3 (out of 10).
How does the vulnerability in Zammad v5.0.3 affect users?
The vulnerability in Zammad v5.0.3 allows administrative configuration changes to be visible to all users, including settings that should only be visible to authenticated users.
How can I fix the vulnerability in Zammad v5.0.3?
To fix the vulnerability in Zammad v5.0.3, it is recommended to update to version 5.1.0 or later.
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/type
- agent/event
- vendor/zammad
- canonical/zammad zammad