CVE-2022-40817

Zammad 5.2.1 has a fine-grained permission model that allows to configure read-only access to tickets. However, agents were still wrongly able to perform some operations on such tickets, like adding and removing links, tags. and related answers. This issue has been fixed in 5.2.2.
References
Link Resource
https://zammad.com/de/advisories/zaa-2022-10 Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:zammad:zammad:*:*:*:*:*:*:*:*

Information

Published : 2022-09-27 11:15

Updated : 2022-09-29 02:00


NVD link : CVE-2022-40817

Mitre link : CVE-2022-40817

Products Affected
No products.
CWE