First published: Fri Feb 03 2023
Insufficient privilege verification in Zammad v5.3.0 allows an authenticated attacker to perform changes on the tags of their customer tickets using the Zammad API. This is now corrected in v5.3.1 so that only agents with write permissions may change ticket tags.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zammad Zammad | =5.3.0 | |
The vulnerability ID for this issue is CVE-2022-48023.
The affected software is Zammad v5.3.0.
An authenticated attacker can perform changes on the tags of their customer tickets using the Zammad API.
The severity of this vulnerability is medium with a CVSS score of 4.3.
The vulnerability has been fixed in Zammad v5.3.1.