CVE-2023-29867

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-29867

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-29867.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-29867

Published

2023-05-02T16:15:08.923Z

Modified

2025-11-19T17:35:29.476049Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Zammad 5.3.x (Fixed 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker could gain information about linked accounts of users involved in their tickets using the Zammad API.

References

https://zammad.com/en/advisories/zaa-2023-02

Affected packages

Git / github.com/zammad/zammad

Affected ranges

Type: GIT
Repo: https://github.com/zammad/zammad
Events: Introduced

0266d1733788c637012e38fc8c6de908d37174be

Fixed

2fb8d15c59184bac8a49d4f4e4ba499dec9b581b

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-29867.json"