CVE-2022-27332

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-27332

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-27332.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-27332

Published

2022-04-27T03:15:39.610Z

Modified

2026-04-10T04:46:30.557946Z

Severity

9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVSS Calculator

Summary

[none]

Details

An access control issue in Zammad v5.0.3 allows attackers to write entries to the CTI caller log without authentication. This vulnerability can allow attackers to execute phishing attacks or cause a Denial of Service (DoS).

References

https://zammad.com/en/advisories/zaa-2022-01

Affected packages

Git / github.com/zammad/zammad

Affected ranges

Type

GIT

Repo

https://github.com/zammad/zammad

Events

Introduced

Fixed

eefae45c2ad6e6a96b8df631d2f50f290ecbd27d

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "5.1.0"
        }
    ]
}

Affected versions

1.*

1.6.0

3.*

3.7.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-27332.json"