First published: Tue May 02 2023
Zammad 5.3.x (Fixed in 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker with agent and customer roles could perform unauthorized changes on articles where they only have customer permissions.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zammad Zammad | >=5.3.0 <5.4.0 | |
CVE-2023-29868 is a vulnerability in Zammad 5.3.x that allows an authenticated attacker with agent and customer roles to make unauthorized changes on articles where they only have customer permissions.
An attacker with both agent and customer roles can exploit CVE-2023-29868 by performing unauthorized changes on articles.
CVE-2023-29868 has a severity level of medium.
The affected software for CVE-2023-29868 is Zammad version 5.3.x (Fixed in 5.4.0).
To fix CVE-2023-29868, update Zammad to version 5.4.0 or later.