CVE-2020-29159

2020-12-2808:15:11

Google

osv.dev

6.7 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

28.4%

JSON

An issue was discovered in Zammad before 3.5.1. The default signup Role (for newly created Users) can be a privileged Role, if configured by an admin. This behvaior was unintended.

CPENameOperatorVersion
zammadeq1.6.1
zammadeq1.6.0
zammadeq2.10.0
zammadeq3.7.0

Name	Operator	Version
zammad	eq	1.6.1
zammad	eq	1.6.0
zammad	eq	2.10.0
zammad	eq	3.7.0

References

github.com/zammad/zammad/commit/f0462d4c20c2968b52b5dc6a585f26c0409b4fc4

zammad.com/en/advisories/zaa-2020-22