CVE-2022-27332

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-27332
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-27332.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-27332
Published
2022-04-27T03:15:39Z
Modified
2025-01-08T08:48:25.952529Z
Severity
  • 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Summary
[none]
Details

An access control issue in Zammad v5.0.3 allows attackers to write entries to the CTI caller log without authentication. This vulnerability can allow attackers to execute phishing attacks or cause a Denial of Service (DoS).

References

Affected packages

Git / github.com/zammad/zammad

Affected ranges

Type
GIT
Repo
https://github.com/zammad/zammad
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

1.*

1.6.0
1.6.1

2.*

2.10.0

3.*

3.7.0