CVE-2023-29868
First published: Tue May 02 2023(Updated: )
Zammad 5.3.x (Fixed in 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker with agent and customer roles could perform unauthorized changes on articles where they only have customer permissions.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zammad Zammad | >=5.3.0<5.4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-29868?
CVE-2023-29868 is a vulnerability in Zammad 5.3.x that allows an authenticated attacker with agent and customer roles to make unauthorized changes on articles where they only have customer permissions.
How can an attacker exploit CVE-2023-29868?
An attacker with both agent and customer roles can exploit CVE-2023-29868 by performing unauthorized changes on articles.
What is the severity of CVE-2023-29868?
CVE-2023-29868 has a severity level of medium.
What is the affected software for CVE-2023-29868?
The affected software for CVE-2023-29868 is Zammad version 5.3.x (Fixed in 5.4.0).
How do I fix CVE-2023-29868?
To fix CVE-2023-29868, update Zammad to version 5.4.0 or later.
- collector/nvd-latest
- collector/nvd-index
- vendor/zammad
- canonical/zammad zammad
- version/zammad zammad/5.3.0