CVE-2022-27331

2022-04-2703:15:39

Google

osv.dev

6.7 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

22.7%

JSON

An access control issue in Zammad v5.0.3 broadcasts administrative configuration changes to all users who have an active application instance, including settings that should only be visible to authenticated users.

CPENameOperatorVersion
zammadeq3.7.0
zammadeq1.6.1
zammadeq2.10.0
zammadeq1.6.0

Name	Operator	Version
zammad	eq	3.7.0
zammad	eq	1.6.1
zammad	eq	2.10.0
zammad	eq	1.6.0

References

zammad.com/de/advisories/zaa-2022-02