First published: Fri Feb 03 2023(Updated: )
An issue in the component /api/v1/mentions of Zammad v5.3.0 allows authenticated attackers with agent permissions to view information about tickets they are not authorized to see.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zammad Zammad | =5.3.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2022-48022.
The title of this vulnerability is 'An issue in the component /api/v1/mentions of Zammad v5.3.0 allows authenticated attackers with agent permissions to view information about tickets they are not authorized to see.'
The severity of CVE-2022-48022 is medium.
The affected software version is Zammad v5.3.0.
An attacker with agent permissions can exploit this vulnerability by accessing the /api/v1/mentions component to view unauthorized information about tickets.