CVE-2023-31597 - Incorrect Authorization vulnerability in Zammad

047910
CVSS 6.5 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: LOW
Integrity impact: LOW
Availability impact: NONE
CWE-863

Summary

An issue in Zammad v5.4.0 allows attackers to bypass e-mail verification using an arbitrary address and manipulate the data of the generated user. Attackers are also able to gain unauthorized access to existing tickets.

Vulnerable Configurations

Part | Description | Count
Application | Zammad | 77

Common Weakness Enumeration (CWE)