First published: Tue Sep 27 2022
Zammad 5.2.1 has a fine-grained permission model that allows read-only access to tickets to be configured. However, agents were still wrongly able to perform some operations on such tickets, like adding and removing links, tags, and related answers. This issue has been fixed in 5.2.2.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zammad Zammad | >=5.2.0 <5.2.2 | |
The vulnerability ID for this issue is CVE-2022-40817.
The affected software is Zammad 5.2.1.
The severity of CVE-2022-40817 is medium with a severity value of 4.3.
Agents were wrongly able to perform operations such as adding and removing links, tags, and related answers on tickets with read-only access.
The issue was fixed in Zammad 5.2.2.