CVE-2023-29868
Published May 2, 2023
Last updated 2 years ago
Overview
- Description
- Zammad 5.3.x (Fixed in 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker with agent and customer roles could perform unauthorized changes on articles where they only have customer permissions.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.5
- Impact score
- 3.6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
- Severity
- MEDIUM
Weaknesses
- nvd@nist.gov
- NVD-CWE-noinfo
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zammad:zammad:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3045D03D-6898-46CE-B824-63371B30D621",
"versionEndExcluding": "5.4.0",
"versionStartIncluding": "5.3.0"
}
],
"operator": "OR"
}
]
}
]