An issue in Zammad v5.4.0 allows attackers to bypass e-mail verification using an arbitrary address and manipulate the data of the generated user. Attackers are also able to gain unauthorized access to existing tickets.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/31xxx/CVE-2023-31597.json",
"cna_assigner": "mitre"
}