CVE-2023-29868

Source
https://cve.org/CVERecord?id=CVE-2023-29868
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-29868.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-29868
Published
2023-05-02T16:15:08.977Z
Modified
2026-03-14T12:05:35.377648Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

Zammad 5.3.x (Fixed in 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker with agent and customer roles could perform unauthorized changes on articles where they only have customer permissions.

References

Affected packages

Git / github.com/zammad/zammad

Affected ranges

Type
GIT
Repo
https://github.com/zammad/zammad
Events
Database specific
{
    "versions": [
        {
            "introduced": "5.3.0"
        },
        {
            "fixed": "5.4.0"
        }
    ]
}

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-29868.json"