CVE-2020-26029

An issue was discovered in Zammad before 3.4.1. There are wrong authorization checks for impersonation requests via X-On-Behalf-Of. The authorization checks are performed for the actual user and not the one given in the X-On-Behalf-Of header.
References
Configurations

Configuration 1

cpe:2.3:a:zammad:zammad:*:*:*:*:*:*:*:*

Information

Published : 2020-12-28 08:15

Updated : 2020-12-29 02:40


NVD link : CVE-2020-26029

Mitre link : CVE-2020-26029

Products Affected
No products.
CWE