CVE-2022-48023

Insufficient privilege verification in Zammad v5.3.0 allows an authenticated attacker to perform changes on the tags of their customer tickets using the Zammad API. This is now corrected in v5.3.1 so that only agents with write permissions may change ticket tags.
References
Link Resource
https://zammad.com/de/advisories/zaa-2022-12 Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:zammad:zammad:5.3.0:*:*:*:*:*:*:*

Information

Published : 2023-02-03 01:15

Updated : 2023-02-09 05:49


NVD link : CVE-2022-48023

Mitre link : CVE-2022-48023

Products Affected
No products.