CVE-2022-48023

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-48023

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-48023.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-48023

Published

2023-02-03T01:15:13.527Z

Modified

2025-11-20T12:11:46.635353Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

Insufficient privilege verification in Zammad v5.3.0 allows an authenticated attacker to perform changes on the tags of their customer tickets using the Zammad API. This is now corrected in v5.3.1 so that only agents with write permissions may change ticket tags.

References

https://zammad.com/de/advisories/zaa-2022-12

Affected packages

Git / github.com/zammad/zammad

Affected ranges

Type: GIT
Repo: https://github.com/zammad/zammad
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

0266d1733788c637012e38fc8c6de908d37174be

Affected versions

1.*

1.6.0

1.6.1

2.*

2.10.0

3.*

3.7.0

5.*

5.2.0-alpha

5.3.0

5.3.0-alpha

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-48023.json"