Vulnerabilities > CVE-2022-48023 - Unspecified vulnerability in Zammad 5.3.0

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

zammad

NVD

Published: 2023-02-03

Updated: 2023-02-09

Summary

Insufficient privilege verification in Zammad v5.3.0 allows an authenticated attacker to perform changes on the tags of their customer tickets using the Zammad API. This is now corrected in v5.3.1 so that only agents with write permissions may change ticket tags.

Vulnerable Configurations

Part	Description	Count
Application	Zammad Zammad Zammad 5.3.0	1

References

https://zammad.com/de/advisories/zaa-2022-12