CVE-2022-40817

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-40817

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-40817.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-40817

Published

2022-09-27T23:15:16Z

Modified

2025-01-08T09:12:06.571574Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

Zammad 5.2.1 has a fine-grained permission model that allows to configure read-only access to tickets. However, agents were still wrongly able to perform some operations on such tickets, like adding and removing links, tags. and related answers. This issue has been fixed in 5.2.2.

References

https://zammad.com/de/advisories/zaa-2022-10

Affected packages

Git / github.com/zammad/zammad

Affected ranges

Type: GIT
Repo: https://github.com/zammad/zammad
Events: Introduced

29bf395d540985d2c78137c50ef48c975398af93

Fixed

80ed32a94d3a7018d40c0695840258c5556223c5

Affected versions

5.*

5.2.0

5.2.1