CVSS3: 6.5 Medium

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | NONE |
Availability Impact | NONE |

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Zammad is a suite of ticket management software from Zammad Germany. Version 5.2.1 of Zammad contains an access control vulnerability that stems from faulty access control in the program. Zammad's asset handling mechanism has logic to ensure that client users cannot see other users' personal information, and this logic is ineffective when used over a WebSocket connection. An authenticated attacker could use this vulnerability to query the Zammad API to obtain other users' personal data.

CPE | Name | Operator | Version |
---|---|---|---|
zammad | zammad | eq | 5.2.1 |