First published: Thu May 18 2023
An issue in Zammad v5.4.0 allows attackers to bypass e-mail verification using an arbitrary address and manipulate the data of the generated user. Attackers are also able to gain unauthorized access to existing tickets.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zammad Zammad | <5.4.1 | |
The vulnerability in Zammad v5.4.0 is tracked as CVE-2023-31597.
The severity of CVE-2023-31597 is medium with a CVSS score of 6.5.
CVE-2023-31597 allows attackers to bypass e-mail verification and manipulate user data, as well as gain unauthorized access to existing tickets in Zammad v5.4.0.
An attacker can exploit CVE-2023-31597 by using an arbitrary email address to bypass e-mail verification and manipulate user data, as well as gain unauthorized access to existing tickets.
A fix for CVE-2023-31597 is available. Refer to the official advisory from Zammad for more information.