Design/Logic Flaw

2022-09-2723:15:00

PRIOn knowledge base

www.prio-n.com

zammad

permission

flaw

fixed

4.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.7%

JSON

Zammad 5.2.1 has a fine-grained permission model that allows to configure read-only access to tickets. However, agents were still wrongly able to perform some operations on such tickets, like adding and removing links, tags. and related answers. This issue has been fixed in 5.2.2.

CPENameOperatorVersion
zammadge5.2.0
zammadlt5.2.2

CPE	Name	Operator	Version
	zammad	ge	5.2.0
	zammad	lt	5.2.2

References

zammad.com/de/advisories/zaa-2022-10