CVE-2023-29868

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-29868

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-29868.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-29868

Published

2023-05-02T16:15:08Z

Modified

2025-01-30T17:15:15Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

Zammad 5.3.x (Fixed in 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker with agent and customer roles could perform unauthorized changes on articles where they only have customer permissions.

References

https://zammad.com/en/advisories/zaa-2023-01

Affected packages

Git / github.com/zammad/zammad

Affected ranges

Type: GIT
Repo: https://github.com/zammad/zammad
Events: Introduced

0266d1733788c637012e38fc8c6de908d37174be

Fixed

2fb8d15c59184bac8a49d4f4e4ba499dec9b581b