CVE-2022-27331

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-27331

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-27331.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-27331

Published

2022-04-27T03:15:39.563Z

Modified

2025-11-20T12:06:12.145307Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

An access control issue in Zammad v5.0.3 broadcasts administrative configuration changes to all users who have an active application instance, including settings that should only be visible to authenticated users.

References

https://zammad.com/de/advisories/zaa-2022-02

Affected packages

Git / github.com/zammad/zammad

Affected ranges

Type: GIT
Repo: https://github.com/zammad/zammad
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

eefae45c2ad6e6a96b8df631d2f50f290ecbd27d

Affected versions

1.*

1.6.0

1.6.1

2.*

2.10.0

3.*

3.7.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-27331.json"