Security Advisory

CVE-2022-48023

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-02-03 00:00:00

Last updated 2024-08-03 15:02:36

Assigner mitre

State PUBLISHED

Description

Insufficient privilege verification in Zammad v5.3.0 allows an authenticated attacker to perform changes on the tags of their customer tickets using the Zammad API. This is now corrected in v5.3.1 so that only agents with write permissions may change ticket tags.

← Browse all CVEs View on cve.org ↗